From bc312420ca66b0af8b4f32bc444828ccdf01b077 Mon Sep 17 00:00:00 2001 From: h00die Date: Mon, 20 Jan 2020 21:41:32 -0500 Subject: [PATCH] module doc standardizations --- documentation/modules/auxiliary/scanner/http/dir_scanner.md | 2 +- documentation/modules/exploit/android/local/su_exec.md | 6 ++---- .../modules/exploit/multi/php/wp_duplicator_code_inject.md | 4 ++-- .../exploit/windows/local/bypassuac_injection_winsxs.md | 5 +---- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/documentation/modules/auxiliary/scanner/http/dir_scanner.md b/documentation/modules/auxiliary/scanner/http/dir_scanner.md index 5123248e43..c4ee052293 100644 --- a/documentation/modules/auxiliary/scanner/http/dir_scanner.md +++ b/documentation/modules/auxiliary/scanner/http/dir_scanner.md @@ -1,4 +1,4 @@ -## Description +## Vulnerable Application This module scans one or more web servers for interesting directories that can be further explored. diff --git a/documentation/modules/exploit/android/local/su_exec.md b/documentation/modules/exploit/android/local/su_exec.md index 5ebba74610..d5024acaf0 100644 --- a/documentation/modules/exploit/android/local/su_exec.md +++ b/documentation/modules/exploit/android/local/su_exec.md @@ -1,4 +1,4 @@ -## Description +## Vulnerable Application This module uses the su binary present on rooted devices to run a payload as root. 
@@ -8,12 +8,10 @@ temporary directory, make it executable, execute it in the background, and final On most devices the su binary will pop-up a prompt on the device asking the user for permission. -## Vulnerable Application - This module will only work on *rooted* devices. An off the shelf Android device is unlikely to be rooted, however it's possible to root a device without losing the data. Many devices can be rooted by flashing new firmware, however the existing data will be lost. -## Verfication steps +## Scenarios You'll first need to obtain a session on the target device. To do this follow the instructions [here](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/reverse_tcp.md) diff --git a/documentation/modules/exploit/multi/php/wp_duplicator_code_inject.md b/documentation/modules/exploit/multi/php/wp_duplicator_code_inject.md index 177da9c9f2..b946c1759e 100644 --- a/documentation/modules/exploit/multi/php/wp_duplicator_code_inject.md +++ b/documentation/modules/exploit/multi/php/wp_duplicator_code_inject.md @@ -1,3 +1,5 @@ +## Vulnerable Application + Duplicator by Snap Creek is a WordPress plugin that can be used to create a complete backup of a WordPress instance and restore it on a fresh server. The export method generates 2 files: * An ZIP archive with the complete WordPress files and Duplicator specific files: * A copy of the `installer.php` script: `installer-backup.php` @@ -14,8 +16,6 @@ When the `installer.php` completes its process, the following files remain in th WARNING: exploiting the vulnerability will overwrite the wp-config.php file, breaking the WordPress instance. -## Vulnerable application - Install a vulnerable version of [WordPress Duplicator (<= 1.2.40)](https://downloads.wordpress.org/plugin/duplicator.1.2.40.zip) and create a backup. Put the `install.php` and archive files on a clean web server. 
diff --git a/documentation/modules/exploit/windows/local/bypassuac_injection_winsxs.md b/documentation/modules/exploit/windows/local/bypassuac_injection_winsxs.md index 3f6ba9243f..cb701d1f8a 100644 --- a/documentation/modules/exploit/windows/local/bypassuac_injection_winsxs.md +++ b/documentation/modules/exploit/windows/local/bypassuac_injection_winsxs.md @@ -1,11 +1,8 @@ - - -## Description +## Vulnerable Application This module adds a bypass for UAC that relies on DLL hijacking of the dccw.exe process. It has been tested on and supports both x86 and x64 releases of Windows 8, 8.1, 10_1511, 10_1607, and 10_1703. It does not work with any versions of Windows 7. -### Vulnerable application setup Not Applicable; works on stock Windows releases. ### Running Example:
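Review bot: in `dir_scanner.md`, the new `## Vulnerable Application` heading sits over a sentence that only says what the module does ("scans one or more web servers for interesting directories") and names no target. For a scanner with no specific vulnerable software, add a line under the heading saying which servers it applies to or how to stand up a test target, so the heading matches its content.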
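Review bot: in `su_exec.md` (hunk `@@ -8,12 +8,10 @@`), the text under the renamed `## Scenarios` heading is a procedure ("You'll first need to obtain a session on the target device. To do this follow the instructions ..."), not a recorded run against a named device, so the file ends up with no verification-steps section at all. Suggest keeping that section with the spelling fixed (`## Verification Steps`) and adding `## Scenarios` separately for example output. The same hunk removes `## Vulnerable Application` from above "This module will only work on *rooted* devices", so check that the rooted-device requirement still stands out now that it follows the su prompt sentence directly.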
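Review bot: in `wp_duplicator_code_inject.md` (hunk `@@ -14,8 +16,6 @@`), removing `## Vulnerable application` leaves the install instructions ("Install a vulnerable version of ...") directly after the `WARNING:` line about `wp-config.php` being overwritten, with nothing separating background from lab setup. A subheading for the setup steps under the new top-level `## Vulnerable Application` would keep them findable. While standardizing, note that the context line says `install.php` where the rest of the file says `installer.php`, and the list item reads "An ZIP archive".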
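Review bot: in `bypassuac_injection_winsxs.md` (hunk `@@ -1,11 +1,8 @@`), once `### Vulnerable application setup` is removed the line "Not Applicable; works on stock Windows releases." no longer answers anything and reads as a fragment after the tested-versions paragraph. Reword it as a full sentence stating that no setup is needed on stock Windows releases. `### Running` also stays a level-3 heading, so it now nests under `## Vulnerable Application`; promote it to a level-2 section if it is meant to line up with the `## Scenarios` layout used in `su_exec.md`.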