documentation/modules/exploit/linux/http/pineapple_bypass_cmdinject.md

## Background

The 'pineapple_bypass_cmdinject' exploit attacks a weak check for
pre-authorized CSS files, which allows the attacker to bypass
authentication. The exploit then relies on the anti-CSRF vulnerability
(CVE-2015-4624) to obtain command injection.

This exploit uses a utility function in
/components/system/configuration/functions.php to execute commands once
authorization has been bypassed.

## Verification

This exploit requires a "fresh" pineapple, flashed with version 2.0-2.3. The
default options are generally effective due to having a set state after being
flashed. You will need to be connected to the WiFi pineapple network (e.g. via
WiFi or ethernet).

Assuming the above 2.3 firmware is installed, this exploit should always work.
If it does not, try it again. It should always work as long as the pineapple is
in its default configuration.
add module doc 2016-10-14 12:44:17 -05:00			`## Background`

			`The 'pineapple_bypass_cmdinject' exploit attacks a weak check for`
fix a few typos in KB 2016-10-14 13:01:51 -05:00			`pre-authorized CSS files, which allows the attacker to bypass`
			`authentication. The exploit then relies on the anti-CSRF vulnerability`
			`(CVE-2015-4624) to obtain command injection.`
add module doc 2016-10-14 12:44:17 -05:00
			`This exploit uses a utility function in`
			`/components/system/configuration/functions.php to execute commands once`
			`authorization has been bypassed.`

			`## Verification`

			`This exploit requires a "fresh" pineapple, flashed with version 2.0-2.3. The`
			`default options are generally effective due to having a set state after being`
			`flashed. You will need to be connected to the WiFi pineapple network (e.g. via`
			`WiFi or ethernet).`

			`Assuming the above 2.3 firmware is installed, this exploit should always work.`
			`If it does not, try it again. It should always work as long as the pineapple is`
			`in its default configuration.`