Metasploit Weekly Wrap-Up 01/19/24


Unicode your way to a PHP payload and three modules to add to your playbook for Ansible


Our own jheysel-r7 added an exploit leveraging the fascinating technique of PHP filter chaining to prepend a payload using encoding conversion characters. Meanwhile, h00die et al. have come through and added 3 new Ansible post modules to gather configuration information, read files, and deploy payloads. While none offer instantaneous answers across the universe, they will certainly help in red team exercises.


New module content (4)


Ansible Agent Payload Deployer (1 of 3 Ansible post modules)


Authors: h00die and n0tty
Type: Exploit
Pull request: #18627 contributed by h00die
Path: linux/local/ansible_node_deployer


Ansible Config Gather (2 of 3 Ansible post modules)


Author: h00die
Type: Post
Pull request: #18627 contributed by h00die
Path: linux/gather/ansible


Ansible Playbook Error Message File Reader (3 of 3 Ansible post modules)


Authors: h00die and rioasmara
Type: Post
Pull request: #18627 contributed by h00die
Path: linux/gather/ansible_playbook_error_message_file_reader


Description: This adds 3 post-exploitation modules for Ansible. The first one gathers information and configuration. The second exploits an arbitrary file read that lets an attacker read the first line of a file (typically /etc/shadow) when the compromised account is configured with password-less sudo permissions. The last one is an exploit that can deploy a payload to all the nodes in the network.


WordPress ..
