what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Erik Daguerre

DC/OS Marathon UI Docker Privilege Escalation

Posted Jun 7, 2017

Authored by Erik Daguerre | Site metasploit.com

Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. Note that the docker image must be a valid docker image from hub.docker.com. Further more the docker container will only deploy if there are resources available in the DC/OS cluster.

tags | exploit, root

SHA-256 | 10a3e28a45a0567b678d813b94116bfb80c6f6277258907fff79b23d661ddc57

Download | Favorite | View

PowerShellEmpire Arbitrary File Upload (Skywalker)

Posted Nov 18, 2016

Authored by Spencer McIntyre, Erik Daguerre | Site metasploit.com

A vulnerability existed in the PowerShellEmpire server prior to commit f030cf62 which would allow an arbitrary file to be written to an attacker controlled location with the permissions of the Empire server. This exploit will write the payload to /tmp/ directory followed by a cron.d file to execute the payload.

tags | exploit, arbitrary

SHA-256 | 36491dd12b6c42a1f65d906a4cbc99b3799866ff52ce18af79b2b9c27d2497d6

Download | Favorite | View