From eb72edc84a3422ac8d90db03c10440ed77f21499 Mon Sep 17 00:00:00 2001
From: Shelby Pace <shelby_pace@rapid7.com>
Date: Tue, 24 Jul 2018 10:22:53 -0500
Subject: [PATCH] added documentation for aux module

---
 .../scanner/http/phpmyadmin_login.md          | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 documentation/modules/auxiliary/scanner/http/phpmyadmin_login.md

diff --git a/documentation/modules/auxiliary/scanner/http/phpmyadmin_login.md b/documentation/modules/auxiliary/scanner/http/phpmyadmin_login.md
new file mode 100644
index 0000000000..eb94ec6c85
--- /dev/null
+++ b/documentation/modules/auxiliary/scanner/http/phpmyadmin_login.md
@@ -0,0 +1,39 @@
+
+## Vulnerable Application
+
+  This module is a brute-force login scanner for PhpMyAdmin 
+
+## Verification Steps
+
+  1. Start msfconsole
+  2. Do: ```use [auxiliary/scanner/http/phpmyadmin_login]```
+  3. Do: ```set RHOSTS [IP]```
+  4. Do: ```set TARGETURI [URI]```
+  5. Do: ```set PASSWORD [PASSWORD]```
+  6. Do: ```run```
+  7. You should get a successful login status
+
+## Scenarios
+
+### Tested on PhpMyAdmin Versions 4.8.2, 4.8.1, 4.0.10.20
+
+  ```
+  msf5 > use auxiliary/scanner/http/phpmyadmin_login
+  msf5 auxiliary(scanner/http/phpmyadmin_login) > set rhosts 192.168.37.151
+  rhosts => 192.168.37.151
+  msf5 auxiliary(scanner/http/phpmyadmin_login) > set targeturi phpmyadmin-4.8.2/index.php
+  targeturi => phpmyadmin-4.8.2/index.php
+  msf5 auxiliary(scanner/http/phpmyadmin_login) > set password password
+  password => password
+  msf5 auxiliary(scanner/http/phpmyadmin_login) > run
+  PhpMyAdmin Version: 4.8.2
+  Token here: !il&>s3]t28i34x7
+  Session ID: sruks7tm3bnh6jljb8h1q9gh6u
+  Cookies: pma_lang=en; phpMyAdmin=anttidd9jgc8c2qnhn0kq4sshu;
+
+  [+] 192.168.37.151:80 - Success: 'root:password'
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  msf5 auxiliary(scanner/http/phpmyadmin_login) > 
+
+  ```