gardnerapp
gardnerapp
I've test the exploit script provided by @g1vi on an Ubuntu Focal Fossa 20.04.6 with a 5.4.0-1018-aws kernel, independently verifying exploit-ability of CVE-2023-32629. Based on my [research](https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability) the exploit still...
Just submitted a pull request [here](https://github.com/rapid7/metasploit-framework/pull/19460) thanks for the help!
Full list of persistence methods can be [The Art of Mac Malware](https://taomm.org/vol1/pdfs/CH%202%20Persistence.pdf). There are already persistence support for [Launch Items, both Daemons and Agents](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/persistence.rb). Currently this module is called persistence...
Added Periodic Script Persistence in #19903
I've accidentally committed pushes from another module. My apologizes, I am unsure of the proper way to remove these.
Yes, I only want the files relevant to this module pushed. I just added the rebase let me know if it is sufficient.
Hello, I've been working on other things sorry for the delay. I wasn't sure where the symlink hijacking should occur, if you read my first comment I talk about it...
> @gardnerapp any update? Are you still working on this? Anything we can do to help? I'm going to try and finish this next week sorry for the delay just...
I haven't forgotten about this. I'm able to create a root owned file w 777 perms named lock not sure what to do with it. Also I'm creating a container...
> @gardnerapp, I'm sorry I completely missed the requests. If I understand correctly, this lets you write a root-permission file with an uncontrollable name? Is that correct? Yes sir, I've...