module
Multi Escalate Metasploit pcap_log Local Privilege Escalation
| Disclosed | Created |
|---|---|
| Jul 16, 2012 | May 30, 2018 |
Disclosed
Jul 16, 2012
Created
May 30, 2018
Description
Metasploit creates pcap files in /tmp with predictable file names. This exploits this by hard-linking these
filenames to /etc/passwd, then sending a packet with a privileged user entry contained within.
This, and all the other packets, are appended to /etc/passwd.
Successful exploitation results in the creation of a new superuser account.
This module requires manual clean-up. Upon success, you should remove /tmp/msf3-session*pcap
files and truncate /etc/passwd. Note that if this module fails, you can potentially induce
a permanent DoS on the target by corrupting the /etc/passwd file.
filenames to /etc/passwd, then sending a packet with a privileged user entry contained within.
This, and all the other packets, are appended to /etc/passwd.
Successful exploitation results in the creation of a new superuser account.
This module requires manual clean-up. Upon success, you should remove /tmp/msf3-session*pcap
files and truncate /etc/passwd. Note that if this module fails, you can potentially induce
a permanent DoS on the target by corrupting the /etc/passwd file.
Author
0a29406d9794e4f9b30b3c5d6702c708
Platform
BSD,Linux,Unix
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.