roundcube arbitrary file read

cudalac
2023-08-25 08:59:53 -04:00
parent 904e8ba89f
commit 926bdd03c4
2 changed files with 17 additions and 9 deletions
@@ -22,10 +22,10 @@ sudo tasksel install lamp-server
#### Install PHP 7.0
```
sudo apt install software-properties-common ca-certificates lsb-release apt-transport-https dbconfig-sqlite3 php7.0-sqlite3
sudo apt install software-properties-common ca-certificates lsb-release apt-transport-https dbconfig-sqlite3
LC_ALL=C.UTF-8 sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt-get install php7.0 php7.0-xml php7.0-mbstring php7.0-intl php7.0-zip
sudo apt-get install php7.0 php7.0-xml php7.0-mbstring php7.0-intl php7.0-zip php7.0-sqlite3
sudo a2dismod php8.1
sudo a2enmod php7.0
```
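Review bot: the edited install line after `sudo apt update` uses `apt-get install` while the edited line before the PPA step uses `apt install`; since both lines are being touched, settle on one form. Moving `php7.0-sqlite3` into the post-PPA install presumably reflects that the package only resolves once `ppa:ondrej/php` has been added, but neither the doc nor the commit message says so. A one-line note above the second install would keep someone from merging the two commands back together.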
@@ -59,12 +59,6 @@ post_max_size = 18M
mbstring.func_overload = 0
```
Save and close the file, now reload Apache
```
sudo systemctl restart apache2
```
#### Install dovecot
```
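Review bot: with "Save and close the file, now reload Apache" and `sudo systemctl restart apache2` dropped from the end of the php.ini step, that step now ends at the settings block with no instruction to save the file, and the new php.ini values are not loaded until the restart that appears later in the guide. Keep a "Save and close the file" sentence here and say that Apache is restarted after the Apache configuration step, so a reader who stops to test PHP at this point knows the settings are not active yet.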
@@ -78,6 +72,20 @@ wget https://github.com/roundcube/roundcubemail/releases/download/1.3.2/roundcub
sudo tar -zxf /tmp/roundcubemail-1.3.2-complete.tar.gz -C /var/www/html/
sudo chown -R root:root /var/www/html/roundcubemail-1.3.2/
```
#### Configure Apache
```
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/roundcubemail-1.3.2-complete.config
sudo vi /etc/apache2/sites-available/roundcubemail-1.3.2-complete.config
```
Update `ServerName <rhost IP>` `DocumentRoot /var/www/html/roundcubemail-1.3.2/`
Save and close the file, now reload Apache
```
sudo systemctl restart apache2
```
Browse to `/installer`. Almost all settings will be kept as default,
however, for the database setup we'll use a sqlite db for ease.
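Review bot: in the new Configure Apache block the vhost is copied to `roundcubemail-1.3.2-complete.config` and is never enabled. On Debian/Ubuntu, Apache only includes `sites-enabled/*.conf` and `a2ensite` expects a `.conf` file, so as written the restart keeps serving `000-default.conf` and the `ServerName`/`DocumentRoot` edits have no effect. Name the file with a `.conf` suffix and add an `a2ensite` step before the restart. Also put `ServerName <rhost IP>` and `DocumentRoot /var/www/html/roundcubemail-1.3.2/` on separate lines so they read as two directives, and make the wording "reload Apache" agree with the `restart` command that follows it.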
@@ -45,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
register_options(
[
Opt::RPORT(80),
OptString.new('USERNAME', [ true, 'User to login with', '']),
OptString.new('USERNAME', [ true, 'Email User to login with', '']),
OptString.new('PASSWORD', [ true, 'Password to login with', '']),
OptString.new('TARGETURI', [ true, 'The URI of the Roundcube Application', '/']),
OptString.new('FILE', [ true, 'The file to read', '/etc/passwd'])
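Review bot: the new `USERNAME` description, "Email User to login with", does not say what form the value takes. State it outright, for example whether the full mail address is expected or only the mailbox name, since that is the detail a user of the module needs from this string. As a style point, "log in" is the verb form; if this description is reworded, update the `PASSWORD` description to match.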