CVE-2020-11652

This exploit leverages CVE-2020-11651 (authentication bypass) and CVE-2020-11652 (directory traversal) in SaltStack to achieve remote code execution. It includes functions to read/write files and execute commands on the target system.

This PoC exploits CVE-2020-11651 and CVE-2020-11652 in SaltStack to achieve remote code execution (RCE) on the master or minions. It leverages authentication bypass and arbitrary file operations to execute commands or upload files.

This is a functional exploit PoC for CVE-2020-11652, which leverages authentication bypass (CVE-2020-11651) to achieve remote code execution on SaltStack masters. It includes methods for file read/write, command execution, and reverse shell establishment.

This PoC exploits CVE-2020-11652, an authentication bypass vulnerability in SaltStack, to read arbitrary files (e.g., /etc/passwd) by leveraging improper authentication handling in the Salt master's ZeroMQ interface.

This repository contains a functional exploit for CVE-2020-11651 and CVE-2020-11652, which are authentication bypass and remote code execution vulnerabilities in SaltStack. The exploit leverages the SaltStack master's authentication mechanism to add a new user or replace the root user by modifying /etc/passwd and /etc/shadow files.

This repository contains a scanner for detecting CVE-2020-11651 and CVE-2020-11652 vulnerabilities in SaltStack. The code includes reporting utilities and a scanner module, but no functional exploit code is present.

This repository contains a functional exploit for CVE-2020-11651 and CVE-2020-11652, targeting SaltStack's authentication bypass and directory traversal vulnerabilities. The exploit allows for remote command execution, file reading, and reverse shell establishment on vulnerable SaltStack masters.

This repository contains a functional exploit for CVE-2020-11651 and CVE-2020-11652, which are authentication bypass and directory traversal vulnerabilities in SaltStack. The exploit demonstrates arbitrary command execution, file read/write operations, and key extraction on vulnerable Salt master servers and minions.

This Metasploit module exploits an unauthenticated access vulnerability in SaltStack Salt master's ZeroMQ request server to disclose the root key used for authenticating administrative commands. It targets versions 2019.2.3 and earlier, as well as 3000.1 and earlier.

This Metasploit module exploits unauthenticated access to SaltStack Salt's ZeroMQ request server (CVE-2020-11651) to execute arbitrary code as root on the master or minions. It leverages the runner() and _send_pub() methods for RCE.