Jack Heysel
d7f3fd8cc0
This PR adds a module for a buffer overflow at the administration interface of WatchGuard Firebox and XTM appliances. The appliances are built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
Folder Purpose
This folder is primarily used to hold documentation for Metasploit's various modules, as well as the developers guide
at developers_guide.pdf.
Metasploit Developer Documentation
Metasploit is actively supported by a community of hundreds of contributors and thousands of users world-wide. As a result, the accompanying documentation moves quite quickly.
The best source of documentation on Metasploit development is https://docs.metasploit.com/. There are many treasures there, such as:
- Evading Antivirus
- How Payloads Work
- How to use Datastore Options
- How to write browser exploits with BES
- How to write a bruteforcer
...and many, many more.
API Documentation
If you are looking for API documentation, you may run rake yard to
generate a navigable view of the comment documentation used throughout
Metasploit, or visit https://rapid7.github.io/metasploit-framework/api
for a recently generated online version.
Contributing
If you would like to contribute to the documentation effort, please see http://yardoc.org/ for details on how to write YARD-compatible comments, and send us a Pull Request with your contribution.