rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Add CIA Vault7 tools #8068

Open DmitryHetman opened 7 years ago

DmitryHetman commented 7 years ago

https://wikileaks.org/ciav7p1/cms/index.html

timwr commented 7 years ago

There are a lot of potential modules there. Some have been redacted, added here already, or have codenames that make it unclear which CVE/exploit they relate to.

I think it would be helpful to start breaking down the codenames into exploits (with CVE reference if possible). I have attempted to do this a little for the Android exploits here; contributions welcome!

| Codename | Details | CVE | Module |
|---|---|---|---|
| B12/SwampMonkey | | | |
| BaronSamedi | libxml2 | CVE-2012-2871 ? | |
| Chimay Red | MikroTik router RCE | CVE-2017-20149 | |
| Chronos | | | |
| Creatine (crt) | | | |
| Dugtrio (da) | addjsif | CVE-2012-6636 | webview_addjavascriptinterface |
| EggsMayhem | | | |
| Freedroid (fd3) | put_user? | CVE-2013-6282 ? | put_user_vroot |
| EerieIndiana (ei) | | | |
| Galago | | | |
| Glutamine (glt) | | | |
| Helios/Dragonfly/Barracuda | Chrome RCE | | |
| Flameskimmer | Privesc for devices using Broadcom WiFi chipset, such as Galaxy Note 4. Written in C. | | |
| Hyperion | Privesc for devices using a Samsung Exynos (version 4212 and greater) chipset. | | |
| Levitator | | | |
| Livestrong | | | |
| LugiaLight (lgl) | | | |
| NightMonkey | | | |
| ROCEM | Cisco Catalyst Cluster Management Protocol RCE | CVE-2017-3881 | https://www.exploit-db.com/exploits/41872 https://github.com/mzakyz666/PoC-CVE-2017-3881 https://github.com/artkond/cisco-rce https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ |
| Salamander | | | |
| Salazar | | | |
| Simian | | | |
| Skor | | | |
| Snubble | | | |
| Spearow (sp) | | | |
| Starmie (st) | | | |
| T2/Amino | towelroot | CVE-2014-3153 | futex_requeue |
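The table above is only useful once each CVE is checked against what the framework already ships. The script below is an added example written for this page, not code from the issue thread or from Metasploit itself. It walks a modules tree for the `['CVE', 'YYYY-NNNN']` entries that Metasploit modules declare under `'References'`, and reports, per codename, which existing modules already cover that CVE. The `VAULT7_CVES` hash is transcribed from the table (rows without a CVE are omitted), and the module tree it scans is a constructed stub created in a temp directory so the example runs offline; against a real checkout you would pass `modules/` from the framework instead.

```ruby
# Added example: cross-reference a codename -> CVE table against a Metasploit
# modules tree. Not part of the issue or of metasploit-framework.
require 'tmpdir'
require 'fileutils'

# Codename -> CVE rows transcribed from the table in the comment above.
# The "?" marks in that table are the commenter's own uncertainty; the
# CVE ids are kept as written there.
VAULT7_CVES = {
  'BaronSamedi' => 'CVE-2012-2871',
  'Chimay Red'  => 'CVE-2017-20149',
  'Dugtrio'     => 'CVE-2012-6636',
  'Freedroid'   => 'CVE-2013-6282',
  'ROCEM'       => 'CVE-2017-3881',
  'T2/Amino'    => 'CVE-2014-3153',
}.freeze

# Metasploit modules list references as ['CVE', '2014-3153'] (quotes and
# whitespace vary), so match that shape rather than bare "CVE-" strings.
CVE_REF_RE = /\[\s*['"]CVE['"]\s*,\s*['"](\d{4}-\d{4,})['"]\s*\]/

# Return a Hash of "CVE-YYYY-NNNN" -> [module paths relative to modules_dir]
# for every module under modules_dir that references that CVE.
def index_cve_refs(modules_dir)
  index = Hash.new { |h, k| h[k] = [] }
  Dir.glob(File.join(modules_dir, '**', '*.rb')).sort.each do |path|
    File.read(path).scan(CVE_REF_RE).flatten.each do |id|
      index["CVE-#{id}"] << path.delete_prefix(modules_dir + '/')
    end
  end
  index
end

# For each codename, report the CVE and the existing modules (possibly none)
# that already reference it.
def coverage(table, modules_dir)
  index = index_cve_refs(modules_dir)
  table.each_with_object({}) do |(codename, cve), out|
    out[codename] = { cve: cve, modules: index.fetch(cve, []) }
  end
end

# Constructed stub module tree so the example runs offline. The relative
# paths mirror real Metasploit module names from the table; the file bodies
# are minimal stand-ins written for this example, not real module code.
def sample_modules_dir
  dir = Dir.mktmpdir('msf-sample')
  write = lambda do |rel, refs|
    path = File.join(dir, rel)
    FileUtils.mkdir_p(File.dirname(path))
    lines = ['class MetasploitModule < Msf::Exploit::Local',
             '  def initialize(info = {})',
             '    super(update_info(info,',
             "      'References' => ["]
    refs.each { |r| lines << "        [ 'CVE', '#{r}' ]," }
    lines += ['      ]))', '  end', 'end']
    File.write(path, lines.join("\n") + "\n")
  end
  write.call('exploits/android/local/futex_requeue.rb', ['2014-3153'])
  write.call('exploits/android/local/put_user_vroot.rb', ['2013-6282'])
  write.call('exploits/android/browser/webview_addjavascriptinterface.rb', ['2012-6636'])
  dir
end

if $PROGRAM_NAME == __FILE__
  dir = sample_modules_dir
  coverage(VAULT7_CVES, dir).each do |name, info|
    status = info[:modules].empty? ? 'no module yet' : info[:modules].join(', ')
    puts format('%-12s %-16s %s', name, info[:cve], status)
  end
  FileUtils.remove_entry(dir)
end
```

Run it as `ruby coverage.rb` to see the report for the stub tree; to use it on a real checkout, replace `sample_modules_dir` with the path to the framework's `modules/` directory. Matching on the reference tuple rather than on `CVE-` substrings avoids false hits from module descriptions that merely mention a CVE in passing.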

cbrnrd commented 7 years ago

Could any of the DLL hijacking methods be viable as a future module?

Reference: https://wikileaks.org/ciav7p1/cms/page_20251107.html

wwebb-r7 commented 7 years ago

The DLL hijacking modules listed are obviously intended for covert data exfiltration by people who already have ongoing physical access to a system. It would make very little sense to wrap this functionality into a Metasploit module for our typical users, and even less sense for an intelligence operative.

As for the value of making a module intended to be deployed remotely, there are some corner cases I can think of where it might be useful, but probably not, and it's still wholly unexciting. You already have a foothold on the target, you can always simply upload a DLL, and there are likely more effective ways to accomplish your goal, such as putting free_porn.exe on their desktop.