Linux OverlayFS Local Privilege Escalation Exploit

This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mou...

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...

Local Privilege Escalation via CVE-2023-0386

This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 WinRAR Exploit Generator Created by: tech...

Linux OverlayFS Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation via CVE-2023-0386', 'Description' = %q This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the...

Vicidial SQL Injection Time-based Admin Credentials Enumeration

This module exploits a time-based SQL injection vulnerability in VICIdial, allowing attackers to dump admin credentials usernames and passwords via SQL injection. Module Options msf use auxiliary/scanner/http/vicidialsqlenumuserspass msf auxiliaryvicidialsqlenumuserspass show actions ...actions...

Traccar 5.12 Remote Code Execution Exploit

This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to...

Traccar 5.12 Remote Code Execution

class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...

Metasploit Weekly Wrap-Up 09/20/2024

New module content 3 update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: 19454 contributed by jvoisin Path: linux/local/motdpersistence Description: This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root privileges...

Microsoft Windows TOCTOU Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...

Windows Escalate UAC Execute RunAs Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...

QNX Qconn Command Execution Exploit

This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...

update-motd.d Persistence

This module will add a script in /etc/update-motd.d/ in order to persist a payload. The payload will be executed with root privileges everytime a user logs in. Module Options msf use exploit/linux/local/motdpersistence msf exploitmotdpersistence show targets ...targets... msf exploitmotdpersisten...

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...

Exploit for Code Injection in Geoserver

CVE-2024-36401-PoC Proof-of-Concept Exploit for CVE-2024-36401...

QNX Qconn Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNX qconn Command Execution', 'Description' = %q This module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not...

MPlayer Lite r33064 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MPlayer Lite M3U Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064,...

UnRAR Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UnRAR Path Traversal CVE-2022-30333', 'Description' = %q This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal...

SPIP connect Parameter PHP Injection

This module exploits a PHP code injection vulnerability in SPIP. The vulnerability exists in the connect parameter, allowing an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1, and 3 are affected. Vulnerable versions are use...

SPIP form PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are use exploit/multi/http/spiprceform ms...