add AutoCheck and usage of TARGETURI option

remove CheckCmd from docs
Shelby Pace
2021-04-09 12:08:25 -05:00
parent 352fedcca0
commit a36030bcb7
2 changed files with 23 additions and 21 deletions
@@ -6,7 +6,7 @@ Apache Druid versions prior to `v0.20.1`
Apache Druid includes the ability to execute user-provided JavaScript code embedded in
various types of requests; however, that feature is disabled by default.
In Druid versions prior to `0.20.1`, an authenticated user can send a specially-crafted request
that both enables the JavaScript code-execution feature and executes the supplied code all
at once, allowing for code execution on the server with the privileges of the Druid Server process.
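Review bot: The version is written two ways in this part of the doc, `v0.20.1` in the surrounding headings and `0.20.1` in the description paragraph. Pick one form and use it throughout so a reader searching the doc for the fixed version finds every mention.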
@@ -16,7 +16,6 @@ The issue has been fixed in Apache Druid `v0.20.1`
This module has been tested successfully against the following versions:
Apache Druid 0.15.1 Debian 9.11 (Linux 3.10.0-957.21.3.el7.x86_64)
Apache Druid 0.16.0-iap8 Ubuntu 16.04 (Linux 3.10.0-957.27.2.el7.x86_64)
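Review bot: The tested-versions entries pair Debian 9.11 and Ubuntu 16.04 with `el7.x86_64` kernel strings, which reads as a mismatch without explanation. If these targets were containers running on an EL7 host, say so in the list so that someone reproducing the test knows which environment was actually used.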
@@ -41,6 +40,7 @@ To setup and run:
`docker run --rm -i -p 8888:8888 fokkodriesprong/docker-druid`
For a manual setup:
* Download a vulnerable version of Apache Druid from [here](https://archive.apache.org/dist/druid/)
* Extract the downloaded archive
* Ensure a supported version of Java is installed on the system
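Review bot: The `docker run` line in the setup instructions references `fokkodriesprong/docker-druid` with no tag, so it pulls whatever that image currently resolves to. Since the doc states that only versions prior to `0.20.1` are affected, pin the image to a tag or digest of a known affected version so the test environment stays reproducible.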
@@ -49,13 +49,13 @@ For a manual setup:
## Verification Steps
1. Install the application
1. Start msfconsole
1. Do: `use exploit/linux/http/apache_druid_js_rce`
1. Do: `set rhosts <ip>`
1. Do: `set lhost <ip>`
1. Do: `set lport/srvport <ip>` if necessary
1. Do: `run`
1. You should get a shell.
2. Start msfconsole
3. Do: `use exploit/linux/http/apache_druid_js_rce`
4. Do: `set rhosts <ip>`
5. Do: `set lhost <ip>`
6. Do: `set lport/srvport <ip>` if necessary
7. Do: `run`
8. You should get a shell.
## Targets
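Review bot: Renumbered step 6 still reads `set lport/srvport <ip>`, but both options take a port, so the placeholder should be `<port>`. The commit message also says this change adds AutoCheck and TARGETURI usage, yet the verification steps mention neither; consider adding a step that sets `TARGETURI` when Druid is not served from `/`, and a line describing the expected check output before the shell.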
@@ -69,11 +69,9 @@ This executes a Unix command.
## Options
### CHECKCMD
You can set a customize command to check and get command exec result respond.
Default is "id"
### TARGETURI
The base path to the Apache Druid application. This is set to `/` by default.
## Scenarios
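Review bot: The new TARGETURI entry under Options gives the default but not when a user would need to change it. One sentence on that (for example, when Druid is served under a sub-path) would help. With the CHECKCMD section gone, it is also worth confirming that nothing under Scenarios still shows or sets `CHECKCMD`.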