Vagrant Synced Folder Vagrantfile Breakout

Posted by deepcore on October 28, 2022 – 10:36 am

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« ERP Sankhya 4.13.x Cross Site Scripting https://tamkrataitong.go.th »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Vagrant Synced Folder Vagrantfile Breakout

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL