Update documentation and add check before exploit

GSoC/Meterpreter_Web_Console
Mehmet İnce 2018-03-19 23:27:18 +03:00
parent b55a750fa9
commit 53eabfc1df
2 changed files with 3 additions and 1 deletions

View File

@ -4,7 +4,7 @@ This module exploits command injection vulnerability in the ManageEngine Applica
**Vulnerable Application Installation Steps** **Vulnerable Application Installation Steps**
Go to following website and download Windows version of the product. It comes with built-in Java and Postgresql so you don't need to install anything else. Go to following website and download Windows version of the product. It comes with built-in Java and Postgresql so you don't need to install anything else.
[https://www.manageengine.com/products/applications_manager/download.html](https://www.manageengine.com/products/applications_manager/download.html) [http://archives.manageengine.com/applications_manager/13630/](http://archives.manageengine.com/applications_manager/13630/)
## Verification Steps ## Verification Steps

View File

@ -65,6 +65,8 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def exploit def exploit
fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') unless check == Exploit::CheckCode::Vulnerable
powershell_options = { powershell_options = {
encode_final_payload: true, encode_final_payload: true,
remove_comspec: true remove_comspec: true