Tuesday, 16 August 2016

Axis2 LFI module for CTF

A few weeks ago I tried to solve the Axis2 CTF from VulnHub. It was a lot of fun. Since grabash exists, I decided to create a small module for Metasploit to exploit the LFI bug in that virtual machine...

... and get the login and password for the manager's account on the vulnerable Tomcat.

That's how I created a small module in Ruby, called axis2_lfi_ctf.rb. Below is a short description:





So now you can test it independently, as a normal module in Metasploit, or you can grab the new version of grabash from my GitHub and check it with the other modules as well. Below are the simple settings when using it directly from msfconsole:




So now, let's find out how it works with the current grabash version. During the scan we found the /axis2/ directory. This is an indicator to use our new LFI module:




Indeed, grabash prepared tests for Axis2:




... and now some results:




Feedback/comments?

Remember to use grabash only for legal tests. ;)

Cheers!
