infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding new lines

bug/bundler_fix
itsmeroy2012 2017-04-08 20:17:23 +05:30 committed by h00die
parent 88f6c90d4d
commit b7562e5c36
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
documentation/modules/exploit/multi/http/rails_web_console_v2_code_exec.md
View File

@ -3,7 +3,9 @@
This module exploits an IP whitelist bypass vulnerability in the developer web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range.
## Verification Steps
**Prerequisites :**
**Prerequisites:**
```
$ gem install rails -v 4.2.6
$ rails new taco
@ -15,18 +17,23 @@ $ bundle
$ rails server
```
**Installing nodejs :**
**Installing nodejs:**
```
sudo apt-get install nodejs
```
**Launch msfconsole :**
**Launch msfconsole:**
1. Do: ```use exploit/multi/http/rails_web_console_v2_code_exec```
2. Do: ```set RHOSTS [IP]```
3. Do: ```set RPORT [Port]```
4. Do: ```run```
## Sample Output
### Rails version 4.2.6
```
msf > use exploit/multi/http/rails_web_console_v2_code_exec
msf exploit(rails_web_console_v2_code_exec) > set RHOST 192.168.0.106