PoC vom 21.04.2018 um 17:48 Uhr | Quelle packetstormsecurity.comThis Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This Metasploit module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).
ASUS infosvr Authentication Bypass Command Execution
PoC vom 21.04.2018 um 17:46 Uhr | Quelle packetstormsecurity.comThis Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 220.127.116.11. Numerous ASUS models are reportedly affected, but untested.