New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added STUNSHELL webshell remote command execution module #1647
Conversation
Hi thank you for your contribution, However you are missing the license information and can you run your module past msftidy thank you. The license information can be found in another module which is at the very top thank you. Also you needed to do the same to this PR #1646 to thank you |
Will do. |
also you need to do it to #1644 |
I just did it to all 4 of my pull requests, anything else? Its my first time contributing. |
okay thanks for the changes so far, I cannot see any but when someone from rapid7 takes a look you probably will but the changes I got you to make helps speed up the process to get your code merged. By the way just wondering did you use an example of a module to created yours? as im wondering where people are using other modules to base theirs from as the license information missing in modules is a bit of a problem |
I used existing misc modules as templates, but removed the licensing information, I was not sure if it should be applied before it was added to the actual metasploit project. |
ah okay thanks for that |
The cleanup applied to #1645 must be had into account here in order to merge it. Feel free to ask if there are questions or doubts in your side :) |
I think I applied all the fixes to this one. |
Thanks @Bwall Merge after last cleanup, check it at: https://github.com/rapid7/metasploit-framework/tree/9b18eb858b4d373265a4b5403472e4301164f1a3 Test after cleanup:
|
btw, just pointing, I checked news for this really deployed in the wild by malware attacks: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3APHP%2FStunshell.A Thanks @Bwall !! |
This module exploits the commonly unauthenticated STUNSHELL web shell with remote command execution.
More details here: https://defense.ballastsecurity.net/wiki/index.php/STUNSHELL