Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jasmin ransomware sqli and dir travers (CVE-2024-30851) #19103

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

jasmin ransomware sqli and dir travers (CVE-2024-30851) #19103

wants to merge 6 commits into from
+441 −0

Conversation

h00die
Copy link
Contributor

@h00die h00die commented Apr 17, 2024

This PR adds an unauth dir traversal, and a sqli exploit (CVE-2024-30851) against the Jasmin ransomware web panel.

Verification

  1. Install the application

  2. Start msfconsole

  3. Do: use auxiliary/gather/jasmin_ransomware_dir_traversal

  4. Do: set rhosts [ip]

  5. Do: run

  6. You should get the content of a file if it exists.

  7. Install the application

  8. Start msfconsole

  9. Do: use auxiliary/gather/jasmin_ransomware_sqli

  10. Do: set rhosts [IP]

  11. Do: run

  12. You should contents from the SQL Database.

@h00die
Copy link
Contributor Author

h00die commented Apr 17, 2024

@chebuya wanted to bring this to your attention since you discovered it

jheysel-r7
jheysel-r7 reviewed Apr 25, 2024
View reviewed changes
modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb
[
OptString.new('TARGETURI', [true, 'The relative URI of the Jasmin Ransomware webserver', '/']),
OptInt.new('DEPTH', [true, 'Depth of directory traversal to root ', 9]),
OptString.new('FILE', [true, 'File to retrieve', 'etc/passwd'])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this datastore option enable the module to grab multiple files at once?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as an OptString in theory if there was a , or other delimiter, however I don't think any dir travers modules within MSF do multiple files unless its a 'static' device (like a network appliance) where things are in a set location and certain files are known to be of strategic value

modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb Outdated Show resolved Hide resolved
modules/auxiliary/gather/jasmin_ransomware_sqli.rb Outdated Show resolved Hide resolved
modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb Outdated Show resolved Hide resolved
@cdelafuente-r7 cdelafuente-r7 self-assigned this Apr 29, 2024
cdelafuente-r7
cdelafuente-r7 reviewed Apr 29, 2024
View reviewed changes
Copy link
Contributor

@cdelafuente-r7 cdelafuente-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @h00die for these modules. I just left a few minor comments before it lands.

modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb Show resolved Hide resolved
modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb Outdated Show resolved Hide resolved
modules/auxiliary/gather/jasmin_ransomware_sqli.rb Outdated Show resolved Hide resolved
@h00die
Copy link
Contributor Author

h00die commented May 26, 2024

@cdelafuente-r7 this should be good now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jheysel-r7 jheysel-r7 jheysel-r7 left review comments

@cdelafuente-r7 cdelafuente-r7 cdelafuente-r7 left review comments

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

Assignees

@cdelafuente-r7 cdelafuente-r7

Labels
docs module
Projects
Metasploit Kanban
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@h00die @jheysel-r7 @cdelafuente-r7 @adfoster-r7