root@home:~$

ninja at @prismacsi - human rights activist

Developing a Metasploit Module After a 0day

In this article I will explain how to develop a Metasploit module for a 0day. Before starting, thank you to Numan Türle (@numanturle) for the help with Ruby on Rails.

Metasploit Module.

Vulnerability

The vulnerability is in a web application running on a hardware device: input supplied by a user leads to remote command execution.

This vulnerability affected 106 servers.

Example Request

Usually this application runs on port “8081” of the server. But when I did some research with Shodan, I saw that it can also run on ports such as “50000” and “8080”. The uploaddir value causes the remote command execution vulnerability.

Example Response

The application runs with root privileges.

Metasploit-Framework Modules Development

Before you start writing, you can benefit greatly from here. To summarize the first picture: we state that the MSF module is a remote exploit and that we will use the HTTP client.

Then enter the author, platform, date and arch values. If this vulnerability were remote code execution, we should have chosen ARCH_PHP. But I used ARCH_CMD for remote command execution.

There is a point we need to pay attention to here. People often compare “remote code execution” and “remote command execution” vulnerabilities.

Exploit Development.


In the first lines, an “if else” branch evaluates the response: if the response code is 200 and the body matches /upload_tmp_dir/, the check returns vulnerable.

In the last lines we specify that the web request to be made is a “GET”. The payload is then placed, via “cmd”, into the value that is vulnerable. This payload makes a back-connect (reverse connection) over telnet.
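Because the injection travels in the uploaddir value of a GET request, it shows up in web access logs. The Ruby below is an added example for defenders, not code from the original article or its module: it flags requests whose decoded uploaddir value contains shell metacharacters. Only the uploaddir parameter name comes from the article; the log format, the placeholder path and the sample lines are constructed assumptions.

```ruby
require 'uri'

# Characters that have no place in a directory name but matter to a shell.
SHELL_META = /[;|&`$<>\r\n]/

# Constructed sample lines (combined-log style). The path is a placeholder.
SAMPLE_LOG = <<~LOG
  203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /PLACEHOLDER_PATH?uploaddir=%2Ftmp%2Fuploads HTTP/1.1" 200 512
  203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /PLACEHOLDER_PATH?uploaddir=%2Ftmp%3Bid HTTP/1.1" 200 498
  203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /PLACEHOLDER_PATH?a=1&uploaddir=x%2526%257Cid HTTP/1.1" 200 498
  198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024
LOG

# Percent-decode repeatedly so double-encoded metacharacters are not missed.
def fully_decode(value, max_rounds = 3)
  max_rounds.times do
    decoded = URI.decode_www_form_component(value)
    break if decoded == value
    value = decoded
  end
  value
rescue ArgumentError
  value # malformed %-encoding: inspect whatever was decoded so far
end

# Return every decoded uploaddir value found in one access-log line.
def uploaddir_values(line)
  target = line[/"(?:GET|POST|HEAD) (\S+) HTTP/, 1]
  query = target&.split('?', 2)&.at(1)
  return [] unless query

  query.split('&').filter_map do |pair|
    key, raw = pair.split('=', 2)
    fully_decode(raw).scrub if key == 'uploaddir' && raw
  end
end

# Return one record per log line whose uploaddir carries shell metacharacters.
def suspicious_lines(log_text)
  log_text.each_line.filter_map do |line|
    hit = uploaddir_values(line).find { |v| v.match?(SHELL_META) }
    { client: line.split.first, value: hit } if hit
  end
end

suspicious_lines(SAMPLE_LOG).each { |h| puts "#{h[:client]} uploaddir=#{h[:value].inspect}" } if __FILE__ == $PROGRAM_NAME
```

On the device itself the lasting fix is for the application to reject or escape such values before they reach a shell, and not to run as root.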