module
Metasploit msfd Remote Code Execution
| Disclosed | Created |
|---|---|
| 04/11/2018 | 06/14/2018 |
Disclosed
04/11/2018
Created
06/14/2018
Description
Metasploit's msfd-service makes it possible to get a msfconsole-like
interface over a TCP socket. If this socket is accessible on a remote
interface, an attacker can execute commands on the victim's machine.
If msfd is running with higher privileges than the current local user,
this module can also be used for privilege escalation. In that case,
port forwarding on the compromised host can be used.
Code execution is achieved with the msfconsole command: irb -e 'CODE'.
interface over a TCP socket. If this socket is accessible on a remote
interface, an attacker can execute commands on the victim's machine.
If msfd is running with higher privileges than the current local user,
this module can also be used for privilege escalation. In that case,
port forwarding on the compromised host can be used.
Code execution is achieved with the msfconsole command: irb -e 'CODE'.
Author
Robin Stenvi
Platform
Ruby
Architectures
ruby
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/misc/msfd_rce_remote
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.