Update my module documentation to the new standard
Also update CheckModule to match current style and best practices.
parent 129d15b8eb
commit c5df5355ac
|
@ -17,26 +17,24 @@ For manual setup, please follow the Computer History Wiki's
|
|||
Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
|
||||
you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 @(#)fingerd.c 5.1 (Berkeley) 6/6/85
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets `fingerd` version 5.1 from 1985-06-06.
|
||||
|
||||
## Options
|
||||
|
||||
**RPORT**
|
||||
### RPORT
|
||||
|
||||
Set this to the target port. The default is 79 for `fingerd`, but the
|
||||
port may be forwarded when NAT (SLiRP) is used in SIMH.
|
||||
|
||||
**PAYLOAD**
|
||||
### PAYLOAD
|
||||
|
||||
Set this to a BSD VAX payload. Currently, only
|
||||
`bsd/vax/shell_reverse_tcp` is supported.
|
||||
|
|
|
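Review bot: The new `### 0` heading under `## Targets` drops the target name that the old Id/Name listing carried, `@(#)fingerd.c 5.1 (Berkeley) 6/6/85`. The sentence "This targets `fingerd` version 5.1 from 1985-06-06." paraphrases it, but a reader can no longer match the documentation against the exact name. Keep the name in the heading or quote it in the sentence, for example `### 0: @(#)fingerd.c 5.1 (Berkeley) 6/6/85`.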
@ -55,18 +55,16 @@ again.
|
|||
|
||||
After completing these steps, you may now test the module.
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 Nexus Repository Manager <= 3.21.1
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets Nexus Repository Manager versions <= 3.21.1.
|
||||
|
||||
## Options
|
||||
|
||||
### USERNAME
|
||||
|
|
|
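Review bot: `## Verification Steps` here consists only of "Follow [Setup](#setup) and [Scenarios](#scenarios).", so the section states no expected result of its own. Add one line saying what a successful run looks like, or say explicitly that the expected output is the transcript under Scenarios, so the section is usable without jumping between anchors.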
@ -20,18 +20,17 @@ Run `docker run -it -p 8080:8080 liferay/portal:7.2.0-ga1` (note the
|
|||
added `7.2.0-ga1` tag) as per Liferay's [Docker Hub instructions](https://hub.docker.com/r/liferay/portal).
|
||||
Any dependencies will be pulled automatically.
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 Liferay Portal < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, 7.2.1 GA2
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets Liferay Portal versions < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4,
|
||||
and 7.2.1 GA2.
|
||||
|
||||
## Options
|
||||
|
||||
### SRVPORT
|
||||
|
|
|
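Review bot: The sentence under `### 0`, "This targets Liferay Portal versions < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2.", reads as a single bound because of the "and", although four release branches are listed. Spell out that each value is the first fixed release of its own branch, for example "versions before 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, or 7.2.1 GA2 on the respective branch", so someone deciding whether an install is affected is not left guessing.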
@ -17,25 +17,23 @@ For manual setup, please follow the Computer History Wiki's
|
|||
Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
|
||||
you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 /usr/lib/crontab.local
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This uses `/usr/lib/crontab.local` to execute code.
|
||||
|
||||
## Options
|
||||
|
||||
**MOVEMAIL**
|
||||
### MOVEMAIL
|
||||
|
||||
Set this to the absolute path to the SUID-root `movemail` executable.
|
||||
|
||||
**CMD**
|
||||
### CMD
|
||||
|
||||
If your payload is `cmd/unix/generic` (suggested default), set this to
|
||||
the command you want to run as root. The provided default will create a
|
||||
|
|
|
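Review bot: The `### 0` description says the target uses `/usr/lib/crontab.local` to execute code, but nothing in the visible text says whether the module removes what it wrote there afterwards. Since `CMD` is documented as running as root, add a sentence on cleanup, or on what has to be removed by hand, so a test host is not left with a stale root entry in that file.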
@ -11,21 +11,20 @@ root or nobody user, depending on the kind of grammar OpenSMTPD uses.
|
|||
1. Download [OpenBSD 6.6](https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/install66.iso)
|
||||
2. Install the system
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 OpenSMTPD < 6.6.4 (automatic grammar selection)
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets OpenSMTPD versions < 6.6.4 by automatically selecting the
|
||||
appropriate grammar.
|
||||
|
||||
## Options
|
||||
|
||||
**SESSION**
|
||||
### SESSION
|
||||
|
||||
Set this to a valid session ID on an OpenBSD target.
|
||||
|
||||
|
|
|
@ -18,26 +18,24 @@ For manual setup, please follow the Computer History Wiki's
|
|||
Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
|
||||
you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 @(#)version.c 5.51 (Berkeley) 5/2/86
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets `sendmail` version 5.51 from 1986-05-02.
|
||||
|
||||
## Options
|
||||
|
||||
**RPORT**
|
||||
### RPORT
|
||||
|
||||
Set this to the target port. The default is 25 for `sendmail`, but the
|
||||
port may be forwarded when NAT (SLiRP) is used in SIMH.
|
||||
|
||||
**PAYLOAD**
|
||||
### PAYLOAD
|
||||
|
||||
Set this to a Unix command payload. Currently, only `cmd/unix/reverse`
|
||||
and `cmd/unix/generic` are supported.
|
||||
|
|
|
@ -15,21 +15,19 @@ SMTP interaction with OpenSMTPD to execute a command as the root user.
|
|||
4. Execute `/etc/rc.d/smtpd restart` to restart OpenSMTPD
|
||||
5. Execute `ifconfig` and look for an appropriate target IP
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 OpenSMTPD < 6.6.1
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets OpenSMTPD versions < 6.6.1.
|
||||
|
||||
## Options
|
||||
|
||||
**RCPT_TO**
|
||||
### RCPT_TO
|
||||
|
||||
Set this to a valid mail recipient. The default is `root`.
|
||||
|
||||
|
|
|
@ -17,19 +17,20 @@ Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.
|
|||
2. `cd vulhub/thinkphp/5-rce` for 5.0.20 or `cd vulhub/thinkphp/5.0.23-rce` for 5.0.23
|
||||
3. `docker-compose up -d`
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 Unix Command
|
||||
1 Linux Dropper
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This executes a Unix command.
|
||||
|
||||
### 1
|
||||
|
||||
This uses a Linux dropper to execute code.
|
||||
|
||||
## Options
|
||||
|
||||
### SRVPORT
|
||||
|
|
|
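Review bot: With two targets, the headings `### 0` and `### 1` force the reader to map numbers back to names, and the descriptions "This executes a Unix command." and "This uses a Linux dropper to execute code." do not say which payload type each target expects. Put the name in the heading (`### 0: Unix Command`, `### 1: Linux Dropper`) and add the payload family each one accepts.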
@ -22,33 +22,31 @@ API change. Tested against 4.8.3.
|
|||
2. Download <https://downloads.wordpress.org/plugin/iwp-client.1.9.4.4.zip>
|
||||
3. Follow <https://wordpress.org/plugins/iwp-client/#installation>
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 InfiniteWP Client < 1.9.4.5
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This targets InfiniteWP Client versions < 1.9.4.5.
|
||||
|
||||
## Options
|
||||
|
||||
**USERNAME**
|
||||
### USERNAME
|
||||
|
||||
Set this to a known, valid administrator username. Authentication will
|
||||
be bypassed for this user.
|
||||
|
||||
**PLUGIN_FILE**
|
||||
### PLUGIN_FILE
|
||||
|
||||
Set this to a plugin file to insert the payload into, relative to the
|
||||
plugins directory, which is normally `/wp-content/plugins`. The file
|
||||
must exist and be writable by the web user. It will be overwritten and
|
||||
later restored.
|
||||
|
||||
**VerifyContents**
|
||||
### VerifyContents
|
||||
|
||||
Verify that the restored contents of `PLUGIN_FILE` match the original.
|
||||
This is the default setting.
|
||||
|
|
|
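Review bot: `PLUGIN_FILE` is documented as "overwritten and later restored" and `VerifyContents` as checking that the restored contents match, but the text does not say what happens when the restore or the verification fails. Document the failure behaviour and the manual recovery step, since a failed restore leaves a modified plugin file on the site. "This is the default setting." would also be clearer as the explicit default value.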
@ -16,20 +16,24 @@ Desktop Central versions < 10.0.474. Tested against 10.0.465 x64.
|
|||
1. Download a vulnerable installer (I used 10.0.465 x64)
|
||||
2. Install the software in Windows (I used Windows 10)
|
||||
|
||||
### Targets
|
||||
|
||||
```
|
||||
Id Name
|
||||
-- ----
|
||||
0 Windows Command
|
||||
1 Windows Dropper
|
||||
2 PowerShell Stager
|
||||
```
|
||||
|
||||
## Verification Steps
|
||||
|
||||
Follow [Setup](#setup) and [Scenarios](#scenarios).
|
||||
|
||||
## Targets
|
||||
|
||||
### 0
|
||||
|
||||
This executes a Windows command.
|
||||
|
||||
### 1
|
||||
|
||||
This uses a Windows dropper to execute code.
|
||||
|
||||
### 2
|
||||
|
||||
This uses a PowerShell stager to execute code.
|
||||
|
||||
## Options
|
||||
|
||||
### WfsDelay
|
||||
|
|
|
@ -24,22 +24,22 @@ module Exploit::Remote::CheckModule
|
|||
|
||||
# Bail if we couldn't
|
||||
unless mod
|
||||
return CheckCode::Unsupported(
|
||||
"Could not instantiate #{check_module}"
|
||||
return Exploit::CheckCode::Unsupported(
|
||||
"Could not instantiate #{check_module}."
|
||||
)
|
||||
end
|
||||
|
||||
# Bail if it isn't aux
|
||||
if mod.type != Msf::MODULE_AUX
|
||||
return CheckCode::Unsupported(
|
||||
"#{check_module} is not an auxiliary module"
|
||||
return Exploit::CheckCode::Unsupported(
|
||||
"#{check_module} is not an auxiliary module."
|
||||
)
|
||||
end
|
||||
|
||||
# Bail if run isn't defined
|
||||
unless mod.respond_to?(:run)
|
||||
return CheckCode::Unsupported(
|
||||
"#{check_module} does not define a run method"
|
||||
return Exploit::CheckCode::Unsupported(
|
||||
"#{check_module} does not define a run method."
|
||||
)
|
||||
end
|
||||
|
||||
|
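Review bot: The reworded messages put a period directly after an interpolated module name, as in `"Could not instantiate #{check_module}."`, so the rendered text ends in a path followed by a dot that is easy to pick up when copying the name. Consider keeping the interpolation away from the sentence end, for example "Could not instantiate module #{check_module} (not found)", or leave these three messages without the trailing period.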
@ -64,7 +64,7 @@ module Exploit::Remote::CheckModule
|
|||
# Bail if module doesn't return a CheckCode
|
||||
unless checkcode.kind_of?(Exploit::CheckCode)
|
||||
return Exploit::CheckCode::Unsupported(
|
||||
"#{check_module} does not return a CheckCode"
|
||||
"#{check_module} does not return a CheckCode."
|
||||
)
|
||||
end
|
||||
|
||||
|
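Review bot: Since the commit is about matching current style, `checkcode.kind_of?(Exploit::CheckCode)` on the guard line is worth changing in the same pass: `is_a?` is the form Ruby style checkers prefer and behaves identically. The hunk currently only touches the message punctuation.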
@ -73,7 +73,7 @@ module Exploit::Remote::CheckModule
|
|||
else
|
||||
# Bail if module doesn't return a CheckCode
|
||||
Exploit::CheckCode::Unsupported(
|
||||
"#{check_module} does not return a CheckCode"
|
||||
"#{check_module} does not return a CheckCode."
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
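Review bot: This `else` branch repeats the comment and the message `"#{check_module} does not return a CheckCode."` from the guard in the previous hunk, and it relies on an implicit return where the earlier guard uses an explicit `return`. Pull the duplicated result into one small private helper and use it in both places, so the two paths cannot drift apart the next time the wording changes.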
@ -7,8 +7,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info = {})
|
||||
|
|
|
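Review bot: Moving `include Msf::Exploit::Remote::CheckModule` below `include Msf::Exploit::Remote::HttpClient` is not purely cosmetic: Ruby resolves methods from the most recently included module first, so any method both mixins define now comes from `CheckModule`. If the reorder is meant to make the delegated `check` win, say so in the commit message; if it is only for ordering, confirm that the two mixins have no overlapping method names.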
@ -7,8 +7,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::CmdStager
|
||||
|
||||
def initialize(info = {})
|
||||
|
|
|
@ -55,8 +55,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
CHUNK_SIZE = 0x400
|
||||
HEADER_SIZE = 0x48
|
||||
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Remote::RDP
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
|
|
|
@ -10,8 +10,8 @@ require 'windows_error'
|
|||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = AverageRanking
|
||||
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Remote::DCERPC
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
|
||||
def initialize(info = {})
|
||||
super(
|
||||
|
|
|
@ -16,9 +16,9 @@
|
|||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Remote::SMB::Client::Psexec_MS17_010
|
||||
include Msf::Exploit::Remote::SMB::Client::Psexec
|
||||
include Msf::Exploit::Remote::CheckModule
|
||||
include Msf::Exploit::Powershell
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::WbemExec
|
||||
|
|
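Review bot: In this file `CheckModule` ends up after both SMB Psexec mixins but before `Powershell`, `EXE` and `WbemExec`, so the resulting order is neither alphabetical nor "last include". State the rule the reorder follows (it appears to be "after the `Remote::` protocol mixins") in the commit message or in a one-line comment above the includes, otherwise a later tidy-up is likely to move it again.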