module
Setuid Nmap Exploit
| Disclosed | Created |
|---|---|
| Jul 19, 2012 | May 30, 2018 |
Disclosed
Jul 19, 2012
Created
May 30, 2018
Description
Nmap's man page mentions that "Nmap should never be installed with
special privileges (e.g. suid root) for security reasons.." and
specifically avoids making any of its binaries setuid during
installation. Nevertheless, administrators sometimes feel the need
to do insecure things. This module abuses a setuid nmap binary by
writing out a lua nse script containing a call to os.execute().
Note that modern interpreters will refuse to run scripts on the
command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby}
payloads will most likely not work.
special privileges (e.g. suid root) for security reasons.." and
specifically avoids making any of its binaries setuid during
installation. Nevertheless, administrators sometimes feel the need
to do insecure things. This module abuses a setuid nmap binary by
writing out a lua nse script containing a call to os.execute().
Note that modern interpreters will refuse to run scripts on the
command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby}
payloads will most likely not work.
Author
egypt [email protected]
Platform
BSD,Linux,Unix
Architectures
cmd, x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.