# Description: This file holds all my BASH configurations and aliases
#
# Sections:
# 1. Environment Configuration
# 2. Make Terminal Better (remapping defaults and adding functionality)
# 3. File and Folder Management
# 4. Searching
# 5. Process Management
# 6. Networking
# 7. System Operations & Information

local http = require "http"
local shortport = require "shortport"
local string = require "string"
local stdnse = require "stdnse"
local vulns = require "vulns"
local table = require "table"
description = [[
NagiosXI versions before 5.4.13 are vulnerable to an unauthenticated remote root exploit. This unobtrusive script simply sends a single HTTP GET

PROBLEM:
not all fields are populating in the creds db
Running this code:
create_credential(
  origin_type: :service,
  address: '192.168.1.100',
  port: 445,
  service_name: 'smb',
  protocol: 'tcp',

These vulnerabilities together result in NagiosXI being vulnerable to an unauthenticated remote root command injection.
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in
Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated
attacker to make configuration changes and leverage an authenticated
SQL injection vulnerability.
CVE-2018-8734