automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit ea00aa6579c5 · 2024-12-30T17:13:12.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -118923,6 +118923,70 @@
 
     ]
   },
+  "exploit_multi/local/obsidian_plugin_persistence": {
+    "name": "Obsidian Plugin Persistence",
+    "fullname": "exploit/multi/local/obsidian_plugin_persistence",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-09-16",
+    "type": "exploit",
+    "author": [
+      "h00die",
+      "Thomas Byrne"
+    ],
+    "description": "This module searches for Obsidian vaults for a user, and uploads a malicious\n          community plugin to the vault. The vaults must be opened with community\n          plugins enabled (NOT restricted mode), but the plugin will be enabled\n          automatically.\n\n          Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows 10.",
+    "references": [
+      "URL-https://docs.obsidian.md/Plugins/Getting+started/Build+a+plugin",
+      "URL-https://github.com/obsidianmd/obsidian-sample-plugin/tree/master",
+      "URL-https://forum.obsidian.md/t/can-obsidian-plugins-have-malware/34491",
+      "URL-https://help.obsidian.md/Extending+Obsidian/Plugin+security",
+      "URL-https://thomas-byrne.co.uk/research/obsidian-malicious-plugins/obsidian-research/"
+    ],
+    "platform": "Linux,OSX,Windows",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Auto",
+      "Linux",
+      "OSX",
+      "Windows"
+    ],
+    "mod_time": "2024-12-14 17:38:29 +0000",
+    "path": "/modules/exploits/multi/local/obsidian_plugin_persistence.rb",
+    "is_install_path": true,
+    "ref_name": "multi/local/obsidian_plugin_persistence",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "config-changes"
+      ]
+    },
+    "session_types": [
+      "shell",
+      "meterpreter"
+    ],
+    "needs_cleanup": null,
+    "actions": [
+
+    ]
+  },
   "exploit_multi/local/vagrant_synced_folder_vagrantfile_breakout": {
     "name": "Vagrant Synced Folder Vagrantfile Breakout",
     "fullname": "exploit/multi/local/vagrant_synced_folder_vagrantfile_breakout",
