Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Little fixes (S06, S03, S109) #340

Merged
merged 2 commits into from
Oct 9, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion config/distri_id.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ OpenWRT;/etc/banner;grep -a -o -E "BACKFIRE.\(bleeding.edge..r[0-9]+\)";sort -u
# Reboot (17.01.0-rc2, r3131-42f3c1f) -> LEDE
OpenWRT;/etc/openwrt_release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*[0-9].*" -a -o -E -e "^DISTRIB_REVISION=.*";sort -u | tr '\n' ' ' | sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' | sed 's/DISTRIB_REVISION=//g' | tr -d \' | tr -d \"
OpenWRT;/etc/openwrt_version;grep -E -e "[0-9]+\.[0-9]+";sed -e 's/^/OpenWrt\ /g'
buildroot;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION_ID=.*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION_ID=//g' | tr -d \" | grep -i "Buildroot [0-9]"
buildroot;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION_ID=[0-9].*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION_ID=//g' | tr -d \"
os-release-Linux;/etc/os-release;grep -a -o -E -e "^NAME=.*" -a -o -E -e "^VERSION=.*";sort -u | tr '\n' ' ' | sed 's/NAME=//g' | sed 's/VERSION=//g' | tr -d \"
lsb-release-Linux;/etc/lsb-release;grep -a -o -E -e "^DISTRIB_ID=.*" -a -o -E -e "^DISTRIB_RELEASE=.*";sort -u | tr '\n' ' ' | sed 's/DISTRIB_ID=//g' | sed 's/DISTRIB_RELEASE=//g' | tr -d \"
#debian-Linux;/etc/debian-version;-a -o -E -e ".*";sort -u
Expand Down
26 changes: 25 additions & 1 deletion config/msf_cve-db.txt
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,8 @@
/usr/share/metasploit-framework/modules/auxiliary/gather/jetty_web_inf_disclosure.rb:CVE-2021-34429
/usr/share/metasploit-framework/modules/auxiliary/gather/joomla_contenthistory_sqli.rb:CVE-2015-7297
/usr/share/metasploit-framework/modules/auxiliary/gather/ldap_hashdump.rb:CVE-2020-3952
/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb:CVE-2020-11532
/usr/share/metasploit-framework/modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb:CVE-2020-11532
/usr/share/metasploit-framework/modules/auxiliary/gather/mantisbt_admin_sqli.rb:CVE-2014-2238
/usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0921
/usr/share/metasploit-framework/modules/auxiliary/gather/mcafee_epo_xxe.rb:CVE-2015-0922
Expand Down Expand Up @@ -417,6 +419,9 @@
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/tplink_traversal_noauth.rb:CVE-2012-5687
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/trace.rb:CVE-2005-3398
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/tvt_nvms_traversal.rb:CVE-2019-20085
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34876
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34877
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb:CVE-2022-34878
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wangkongbao_traversal.rb:CVE-2012-4031
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/webdav_internal_ip.rb:CVE-2002-0422
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wildfly_traversal.rb:CVE-2014-7816
Expand Down Expand Up @@ -606,6 +611,7 @@
/usr/share/metasploit-framework/modules/exploits/hpux/lpd/cleanup_exec.rb:CVE-2002-1473
/usr/share/metasploit-framework/modules/exploits/irix/lpd/tagprinter_exec.rb:CVE-2001-0800
/usr/share/metasploit-framework/modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb:CVE-2008-5499
/usr/share/metasploit-framework/modules/exploits/linux/fileformat/unrar_cve_2022_30333.rb:CVE-2022-30333
/usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_sreplace.rb:CVE-2006-5815
/usr/share/metasploit-framework/modules/exploits/linux/ftp/proftp_telnet_iac.rb:CVE-2010-4221
/usr/share/metasploit-framework/modules/exploits/linux/games/ut2004_secure.rb:CVE-2004-0608
Expand All @@ -620,6 +626,7 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/apache_druid_js_rce.rb:CVE-2021-25646
/usr/share/metasploit-framework/modules/exploits/linux/http/apache_ofbiz_deserialization.rb:CVE-2020-9496
/usr/share/metasploit-framework/modules/exploits/linux/http/apache_ofbiz_deserialization_soap.rb:CVE-2021-26295
/usr/share/metasploit-framework/modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb:CVE-2022-33891
/usr/share/metasploit-framework/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb:CVE-2020-17505
/usr/share/metasploit-framework/modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb:CVE-2020-17506
/usr/share/metasploit-framework/modules/exploits/linux/http/asuswrt_lan_rce.rb:CVE-2018-5999
Expand All @@ -628,11 +635,13 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/axis_srv_parhand_rce.rb:CVE-2018-10661
/usr/share/metasploit-framework/modules/exploits/linux/http/axis_srv_parhand_rce.rb:CVE-2018-10662
/usr/share/metasploit-framework/modules/exploits/linux/http/belkin_login_bof.rb:CVE-2014-1635
/usr/share/metasploit-framework/modules/exploits/linux/http/bitbucket_git_cmd_injection.rb:CVE-2022-36804
/usr/share/metasploit-framework/modules/exploits/linux/http/bludit_upload_images_exec.rb:CVE-2019-16113
/usr/share/metasploit-framework/modules/exploits/linux/http/cayin_cms_ntp.rb:CVE-2020-7357
/usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3828
/usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3829
/usr/share/metasploit-framework/modules/exploits/linux/http/cfme_manageiq_evm_upload_exec.rb:CVE-2013-2068
/usr/share/metasploit-framework/modules/exploits/linux/http/cisco_asax_sfr_rce.rb:CVE-2022-20828
/usr/share/metasploit-framework/modules/exploits/linux/http/cisco_firepower_useradd.rb:CVE-2016-6433
/usr/share/metasploit-framework/modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb:CVE-2021-1499
/usr/share/metasploit-framework/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb:CVE-2021-1497
Expand Down Expand Up @@ -714,6 +723,7 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12464
/usr/share/metasploit-framework/modules/exploits/linux/http/microfocus_secure_messaging_gateway.rb:CVE-2018-12465
/usr/share/metasploit-framework/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb:CVE-2020-15920
/usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_core_log4shell.rb:CVE-2021-44228
/usr/share/metasploit-framework/modules/exploits/linux/http/mobileiron_mdm_hessian_rce.rb:CVE-2020-15505
/usr/share/metasploit-framework/modules/exploits/linux/http/multi_ncc_ping_exec.rb:CVE-2015-1187
/usr/share/metasploit-framework/modules/exploits/linux/http/mutiny_frontend_upload.rb:CVE-2013-0136
Expand All @@ -739,6 +749,7 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/nuuo_nvrmini_auth_rce.rb:CVE-2016-5675
/usr/share/metasploit-framework/modules/exploits/linux/http/nuuo_nvrmini_unauth_rce.rb:CVE-2016-5674
/usr/share/metasploit-framework/modules/exploits/linux/http/pandora_fms_events_exec.rb:CVE-2020-13851
/usr/share/metasploit-framework/modules/exploits/linux/http/panos_op_cmd_exec.rb:CVE-2020-2038
/usr/share/metasploit-framework/modules/exploits/linux/http/panos_readsessionvars.rb:CVE-2017-15944
/usr/share/metasploit-framework/modules/exploits/linux/http/peercast_url.rb:CVE-2006-1148
/usr/share/metasploit-framework/modules/exploits/linux/http/php_imap_open_rce.rb:CVE-2018-1000859
Expand Down Expand Up @@ -815,10 +826,14 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb:CVE-2017-17560
/usr/share/metasploit-framework/modules/exploits/linux/http/webcalendar_settings_exec.rb:CVE-2012-1495
/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_backdoor.rb:CVE-2019-15107
/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_package_updates_rce.rb:CVE-2022-36446
/usr/share/metasploit-framework/modules/exploits/linux/http/webmin_packageup_rce.rb:CVE-2019-12840
/usr/share/metasploit-framework/modules/exploits/linux/http/wepresent_cmd_injection.rb:CVE-2019-3929
/usr/share/metasploit-framework/modules/exploits/linux/http/xplico_exec.rb:CVE-2017-16666
/usr/share/metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb:CVE-2013-5743
/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-27925
/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_mboximport_cve_2022_27925.rb:CVE-2022-37042
/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb:CVE-2022-30333
/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9621
/usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9670
/usr/share/metasploit-framework/modules/exploits/linux/http/zyxel_ztp_rce.rb:CVE-2022-30525
Expand Down Expand Up @@ -877,6 +892,9 @@
/usr/share/metasploit-framework/modules/exploits/linux/local/ufo_privilege_escalation.rb:CVE-2017-1000112
/usr/share/metasploit-framework/modules/exploits/linux/local/vmware_alsa_config.rb:CVE-2017-4915
/usr/share/metasploit-framework/modules/exploits/linux/local/vmware_mount.rb:CVE-2013-1662
/usr/share/metasploit-framework/modules/exploits/linux/local/vmware_workspace_one_access_certproxy_lpe.rb:CVE-2022-31660
/usr/share/metasploit-framework/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb:CVE-2022-37393
/usr/share/metasploit-framework/modules/exploits/linux/local/zyxel_suid_cp_lpe.rb:CVE-2022-30526
/usr/share/metasploit-framework/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb:CVE-2020-13151
/usr/share/metasploit-framework/modules/exploits/linux/misc/asus_infosvr_auth_bypass_exec.rb:CVE-2014-9583
/usr/share/metasploit-framework/modules/exploits/linux/misc/cisco_rv340_sslvpn.rb:CVE-2022-20699
Expand Down Expand Up @@ -1917,6 +1935,7 @@
/usr/share/metasploit-framework/modules/exploits/windows/games/racer_503beta5.rb:CVE-2007-4370
/usr/share/metasploit-framework/modules/exploits/windows/games/ut2004_secure.rb:CVE-2004-0608
/usr/share/metasploit-framework/modules/exploits/windows/http/adobe_robohelper_authbypass.rb:CVE-2009-3068
/usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb:CVE-2022-2143
/usr/share/metasploit-framework/modules/exploits/windows/http/advantech_iview_unauth_rce.rb:CVE-2021-22652
/usr/share/metasploit-framework/modules/exploits/windows/http/altn_securitygateway.rb:CVE-2008-4193
/usr/share/metasploit-framework/modules/exploits/windows/http/altn_webadmin.rb:CVE-2003-0471
Expand Down Expand Up @@ -1956,7 +1975,8 @@
/usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec.rb:CVE-2012-5357
/usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec_ws.rb:CVE-2015-0923
/usr/share/metasploit-framework/modules/exploits/windows/http/ericom_access_now_bof.rb:CVE-2014-3913
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_denylist_typo_rce.rb:CVE-2021-42321
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2021-42321
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb:CVE-2022-23277
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-16875
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-17132
/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_viewstate.rb:CVE-2020-0688
Expand Down Expand Up @@ -2018,6 +2038,7 @@
/usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1195
/usr/share/metasploit-framework/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb:CVE-2012-1196
/usr/share/metasploit-framework/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb:CVE-2014-8741
/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb:CVE-2022-28219
/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2021_40539.rb:CVE-2021-40539
/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb:CVE-2022-28810
/usr/share/metasploit-framework/modules/exploits/windows/http/manageengine_appmanager_exec.rb:CVE-2018-7890
Expand Down Expand Up @@ -2085,6 +2106,7 @@
/usr/share/metasploit-framework/modules/exploits/windows/http/zentao_pro_rce.rb:CVE-2020-7361
/usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_assetmgmt_uploadservlet.rb:CVE-2011-2653
/usr/share/metasploit-framework/modules/exploits/windows/http/zenworks_uploadservlet.rb:CVE-2010-5324
/usr/share/metasploit-framework/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb:CVE-2022-35405
/usr/share/metasploit-framework/modules/exploits/windows/ibm/ibm_was_dmgr_java_deserialization_rce.rb:CVE-2019-4279
/usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:CVE-2017-7269
/usr/share/metasploit-framework/modules/exploits/windows/iis/ms01_023_printer.rb:CVE-2001-0241
Expand Down Expand Up @@ -2281,6 +2303,7 @@
/usr/share/metasploit-framework/modules/exploits/windows/misc/stream_down_bof.rb:CVE-2011-5052
/usr/share/metasploit-framework/modules/exploits/windows/misc/tiny_identd_overflow.rb:CVE-2007-2711
/usr/share/metasploit-framework/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb:CVE-2011-5001
/usr/share/metasploit-framework/modules/exploits/windows/misc/unified_remote_rce.rb:CVE-2022-3229
/usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10914
/usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb:CVE-2020-10915
/usr/share/metasploit-framework/modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb:CVE-2016-5330
Expand Down Expand Up @@ -2443,6 +2466,7 @@
/usr/share/metasploit-framework/modules/post/hardware/automotive/pdt.rb:CVE-2017-14937
/usr/share/metasploit-framework/modules/post/linux/dos/xen_420_dos.rb:CVE-2012-5525
/usr/share/metasploit-framework/modules/post/linux/gather/haserl_read.rb:CVE-2021-29133
/usr/share/metasploit-framework/modules/post/linux/gather/mimipenguin.rb:CVE-2018-20781
/usr/share/metasploit-framework/modules/post/multi/escalate/cups_root_file_read.rb:CVE-2012-5519
/usr/share/metasploit-framework/modules/post/multi/sap/smdagent_get_properties.rb:CVE-2019-0307
/usr/share/metasploit-framework/modules/post/osx/escalate/tccbypass.rb:CVE-2020-9934
Expand Down
3 changes: 3 additions & 0 deletions installer/IF20_cve_search.sh
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,9 @@ IF20_cve_search() {
apt-get update -y
print_tool_info "mongodb-org" 1
apt-get install mongodb-org -y
if ! [[ -f /etc/mongod.conf ]]; then
echo "Could not install EMBA component mongod - missing mongod.conf file" && exit 1
fi
sed -i 's/bindIp\:\ 127.0.0.1/bindIp\:\ 172.36.0.1/g' /etc/mongod.conf

if [[ "$WSL" -eq 0 ]]; then
Expand Down
1 change: 1 addition & 0 deletions modules/S03_firmware_bin_base_analyzer.sh
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ os_detection_thread_per_os() {
local OS="${1:-}"
local DETECTED=0
local OS_=""
local OS_COUNTER_VxWorks=0

OS_COUNTER[$OS]=0
OS_COUNTER[$OS]=$(("${OS_COUNTER[$OS]}"+"$(find "$OUTPUT_DIR" -xdev -type f -exec strings {} \; | grep -i -c "$OS" 2> /dev/null || true)"))
Expand Down
2 changes: 2 additions & 0 deletions modules/S06_distribution_identification.sh
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,10 @@ S06_distribution_identification()
SED_COMMAND="$(echo "$CONFIG" | cut -d\; -f4)"
FILE_QUOTED=$(escape_echo "$FILE")
OUT1="$(eval "$PATTERN" "$FILE_QUOTED" || true)"
# echo "PATTERN: $PATTERN"
# echo "SED command: $SED_COMMAND"
# echo "identified: $OUT1"
# echo "FILE: $FILE_QUOTED"
IDENTIFIER=$(echo -e "$OUT1" | eval "$SED_COMMAND" | sed 's/ \+/ /g' | sed 's/ $//' || true)

if [[ $(basename "$FILE") == "image_sign" ]]; then
Expand Down
15 changes: 7 additions & 8 deletions modules/S109_jtr_local_pw_cracking.sh
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,6 @@ S109_jtr_local_pw_cracking()
print_output "[*] Found password data $ORANGE$HASH$NC for further processing in $ORANGE$HASH_SOURCE$NC"
echo "$HASH" >> "$LOG_PATH_MODULE"/jtr_hashes.txt
fi

done

if [[ -f "$LOG_PATH_MODULE"/jtr_hashes.txt ]]; then
Expand All @@ -80,14 +79,14 @@ S109_jtr_local_pw_cracking()
timeout --preserve-status --signal SIGINT "$JTR_TIMEOUT" john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt | tee -a "$LOG_FILE" || true
print_ln
NEG_LOG=1
fi

mapfile -t CRACKED_HASHES < <(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep -v "password hash\(es\)\? cracked" | grep -v "^$" || true)
JTR_FINAL_STAT=$(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep "password hash\(es\)\? cracked\|No password hashes loaded" || true)
CRACKED=$(echo "$JTR_FINAL_STAT" | awk '{print $1}')
if [[ -n "$JTR_FINAL_STAT" ]]; then
print_output "[*] John the ripper final status: $ORANGE$JTR_FINAL_STAT$NC"
NEG_LOG=1
mapfile -t CRACKED_HASHES < <(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep -v "password hash\(es\)\? cracked" | grep -v "^$" || true)
JTR_FINAL_STAT=$(john --show "$LOG_PATH_MODULE"/jtr_hashes.txt | grep "password hash\(es\)\? cracked\|No password hashes loaded" || true)
CRACKED=$(echo "$JTR_FINAL_STAT" | awk '{print $1}')
if [[ -n "$JTR_FINAL_STAT" ]]; then
print_output "[*] John the ripper final status: $ORANGE$JTR_FINAL_STAT$NC"
NEG_LOG=1
fi
fi

if [[ "$CRACKED" -gt 0 ]]; then
Expand Down