metasploit-info

After learning to make exploit in python, this time I learning to make exploit in metasploit. I think it is more difficult, but also more fun. And I never code in ruby before (metasploit is written in ruby).

This exploit is metasploit exploit version of my current orangescrum 1.6.1 python exploit, and also my first one. This exploit is so simple, it took me less than a day to learn and make it.  FYI, I just take a sample from an existing exploit, then modify it in order to work with the vulnerability. Because, one of best code learning method is by modify existing code, isn’t it 😀

My configuration :

  1. Ubuntu machine hosting orangescrum 1.6.1 as target
  2. Kali linux (virtualbox) with metasploit and geany

This is how this exploit works (to learn how the vulnerability in orangescrum 1.6.1 works, you can read the article here).

  1. Login to orangescrum. Login path is http://yourserver/yourorangescrum/users/login using POST method with data data[User][email], data[User][password] and submit_Pass
  2. If login is success then the server will send the cookie and the page will be redirected to dashboard. if fails it will be redirected to login page.
  3. Then uploads php file using the cookie for authentication
  4. If upload is success, then access the file

These are some of the code

Function for login

metaploit-code-login

Function for upload file

metaploit-code-upload

For full code you can download it here

How to install it to your metasploit

  1. copy file orangescrum_upload.rb to your http exploit directory. in my kali, it is located at /usr/share/metasploit-framework/modules/exploit/multi/httpmetaploit-code-exploit-path.png
  2. reload your metasploit modules with command reload_allmetaploit-code-exploit-reload-all.png
  3. done

Now, we try our new exploit.

  1. choose the exploitmetaploit-ssss
  2. set target address (RHOST), TARGETURI, USERNAME, and PASSWORD of orangescrum app.metaploit-sdfsdf.png
  3. exploit… and we got a shellmetaploit-bbbb
Advertisements