module
Setuid Nmap Exploit
| Disclosed | Created |
|---|---|
| 07/19/2012 | 05/30/2018 |
Disclosed
07/19/2012
Created
05/30/2018
Description
Nmap's man page mentions that "Nmap should never be installed with
special privileges (e.g. suid root) for security reasons.." and
specifically avoids making any of its binaries setuid during
installation. Nevertheless, administrators sometimes feel the need
to do insecure things. This module abuses a setuid nmap binary by
writing out a lua nse script containing a call to os.execute().
Note that modern interpreters will refuse to run scripts on the
command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby}
payloads will most likely not work.
special privileges (e.g. suid root) for security reasons.." and
specifically avoids making any of its binaries setuid during
installation. Nevertheless, administrators sometimes feel the need
to do insecure things. This module abuses a setuid nmap binary by
writing out a lua nse script containing a call to os.execute().
Note that modern interpreters will refuse to run scripts on the
command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby}
payloads will most likely not work.
Author
egypt
Platform
BSD,Linux,Unix
Architectures
cmd, x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/unix/local/setuid_nmap
msf /(p) > show actions
...actions...
msf /(p) > set ACTION < action-name >
msf /(p) > show options
...show and set options...
msf /(p) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.