[security]Update new exploitdb script to metasploit

So I was doing hackthebox.eu and realize there the target used a vulnerable web application, the exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole when I do a search openadmin I could only see an outdated exploit that was disclosed on the 2017.

The ruby script that exploits the OpenNetAdmin 18.1.1 could be found in my kali linux /usr/share/exploitdb but it was not loaded in msfconsole.

So it turned out that I need to create an auxiliary directory in ~/.msf4/modules, then copy the ruby script from /usr/share/exploitdb.

root@kali:~# ls -lah ~/.msf4/modules/auxiliary/php/webapps/47772.rb
-rwxr-xr-x 1 root root 3.0K Apr 2 18:54 /root/.msf4/modules/auxiliary/php/webapps/47772.rb

So when you use it in msfconsole you need to do use auxiliary/php/webapps/47772, this script has preloaded the payload option but if your kali linux is x64 use the x64 meterpreter payload. Meterpreter makes your reverse shell easier and it is more silent because it is a stager meaning the entire payload is sent chunks by chunks.

Oh yeah in the BackTrack Linux days you can do msfupdate but not on the kali linux, so you need to update the exploit script yourself.

To update the exploitdb codes into kali use searchsploit -u, the searchsploit also searches if the exploit is available in your /usr/share/exploitdb.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s