In this section we take a look at a skeleton exploit to start building our dotDefender PoC from.
We'll start with the parts of the skeleton that this particular exploit needs in order to work. The Description text isn't needed until the end, so we won't worry about it for now.

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
    Rank = Average

    # HttpClient sends requests to the target server; HttpServer::HTML hosts
    # the JavaScript that the victim's browser will fetch.
    include Msf::Exploit::Remote::HttpClient
    include Msf::Exploit::Remote::HttpServer::HTML

    def initialize(info={})
        super(update_info(info,
            'Name'           => "dotDefender >= 3.8-5 No Authentication Remote Code Execution Through XSS",
            'Description'    => %q{
                    This module exploits a vulnerability found in dotDefender.
            },
            'License'        => MSF_LICENSE,
            'Author'         =>
                [
                    'John Dos',   # Initial remote execution discovery
                    'rAWjAW'      # Everything else
                ],
            'References'     =>
                [
                    ['EDB', '14310'],
                    ['URL', 'http://www.exploit-db.com/exploits/14310/']
                ],
            'Arch'           => ARCH_CMD,
            # Payload compatibility settings live under 'Payload' => 'Compat';
            # that is where the framework reads them from when listing payloads.
            'Payload'        =>
                {
                    'Compat' =>
                        {
                            'PayloadType' => 'cmd'
                        }
                },
            'Platform'       => ['unix','linux'],
            'Targets'        =>
                [
                    ['dotDefender >= 3.8-5', {}]
                ],
            'Privileged'     => false,
            'DefaultTarget'  => 0))

        # No module-specific options yet. The HTTP mixins already register
        # their own (RHOST/RPORT on the client side, SRVHOST/SRVPORT/URIPATH
        # on the server side).
        register_options(
            [

            ], self.class)
    end

    # Filled in over the following sections.
    def exploit

    end

end

Exploit Category

class Metasploit3 < Msf::Exploit::Remote

This defines what type of exploit we are creating (note the class inherits with <, not >). The exploit is really a couple of different things strung together, but the initial log entry creation and the server-side exploitation are a remote attack against the target server, so the module inherits from Msf::Exploit::Remote.

Exploit Includes

include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::HttpServer::HTML

Both of the above lines are needed: HttpClient gives us send_request_cgi and friends for sending requests to the target server, and HttpServer::HTML lets the module host the malicious JavaScript. One thing to keep in mind when mixing the two is that the server side expects the module to define an on_request_uri handler for incoming requests and to start the service from exploit, while the client side uses the RHOST/RPORT options; the two sets of options do not overlap.

Payload Limitations

'Arch'           => ARCH_CMD,
'Payload'        =>
    {
        'Compat' =>
            {
                'PayloadType' => 'cmd'
            }
    },
'Platform'       => ['unix','linux'],

The exploit was created and tested on an Ubuntu server whose netcat supports the -e option, as does Metasploitable. The lines above limit the payloads to unix/linux command execution payloads: ARCH_CMD restricts the architecture, Platform restricts the target OS, and the PayloadType entry under 'Payload' => 'Compat' restricts the payload type (the framework only consults compatibility entries nested there; a top-level 'Compat' => { 'PayloadType' => 'cmd' } is silently ignored). We can expand on this in the future if we want a module that works across multiple operating systems, but for now we just want to get any working exploit.
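To see what those three settings actually filter, here is an added example (not part of the original post or of the Metasploit Framework itself): a simplified, stand-alone Ruby reconstruction of the Arch, Platform and payload-compat checks the framework applies when it lists payloads for an exploit. It goes slightly beyond the skeleton by also using the RequiredCmd compat key, which is how a cmd exploit says which command interpreters (netcat, perl, and so on) its delivery mechanism can support. The payload descriptors are constructed stand-ins for a few real payload modules, the RequiredCmd values are assumptions for this demo, and the value matching is simplified to exact token intersection.

```ruby
# Added example: simplified reconstruction of Metasploit's payload filtering.
# Not framework code; payload descriptors below are constructed stand-ins.

ARCH_CMD = 'cmd'
ARCH_X86 = 'x86'

PAYLOADS = [
  { name: 'cmd/unix/reverse_netcat', arch: [ARCH_CMD], platform: ['unix'],
    info: { 'PayloadType' => 'cmd', 'RequiredCmd' => 'netcat' } },
  { name: 'cmd/unix/reverse_perl',   arch: [ARCH_CMD], platform: ['unix'],
    info: { 'PayloadType' => 'cmd', 'RequiredCmd' => 'perl' } },
  { name: 'cmd/unix/generic',        arch: [ARCH_CMD], platform: ['unix'],
    info: { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic' } },
  { name: 'cmd/windows/reverse_powershell', arch: [ARCH_CMD], platform: ['win'],
    info: { 'PayloadType' => 'cmd' } },
  { name: 'linux/x86/shell_reverse_tcp', arch: [ARCH_X86], platform: ['linux'],
    info: {} }, # native payload: declares neither PayloadType nor RequiredCmd
]

# Build the payload compat table the way the framework's init_compat does:
# entries are taken from module_info['Compat']['Payload'] and from
# module_info['Payload']['Compat']. A top-level 'Compat' => { 'PayloadType' => ... }
# lands in neither place and is therefore never consulted.
def payload_compat(module_info)
  from_compat  = (module_info['Compat']  || {})['Payload'] || {}
  from_payload = (module_info['Payload'] || {})['Compat']  || {}
  from_compat.merge(from_payload)
end

# Simplified compatible?: for every key in the compat table that the payload
# also declares, the space-separated value lists must share at least one
# token. Keys the payload does not declare count as compatible.
def compat_ok?(compat, payload_info)
  compat.all? do |key, wanted|
    have = payload_info[key]
    next true if have.nil?
    (wanted.split(/\s+/) & have.split(/\s+/)).any?
  end
end

# Names of the payloads that pass the Arch, Platform and Compat checks.
def compatible_payloads(module_info, payloads = PAYLOADS)
  archs     = Array(module_info['Arch'])
  platforms = Array(module_info['Platform'])
  compat    = payload_compat(module_info)
  matching = payloads.select do |p|
    (p[:arch] & archs).any? &&
      (p[:platform] & platforms).any? &&
      compat_ok?(compat, p[:info])
  end
  matching.map { |p| p[:name] }
end

# 'Compat' at the top level of the info hash: the entries are ignored, so
# every unix/linux cmd payload is offered, including ones that need perl.
MISNESTED = {
  'Arch'     => ARCH_CMD,
  'Platform' => ['unix', 'linux'],
  'Compat'   => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'netcat' },
}

# The layout the framework actually reads: only netcat-based payloads remain.
NESTED = {
  'Arch'     => ARCH_CMD,
  'Platform' => ['unix', 'linux'],
  'Payload'  => { 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'netcat' } },
}

if __FILE__ == $0
  puts "misnested: #{compatible_payloads(MISNESTED).inspect}"
  puts "nested:    #{compatible_payloads(NESTED).inspect}"
end
```

With the misnested hash the Windows and x86 payloads are still dropped (Arch and Platform do that on their own), but the perl and generic cmd payloads slip through even though the exploit only relies on netcat; with the nested hash only cmd/unix/reverse_netcat is offered. That is the difference between a module that appears to work and one that lists payloads it cannot deliver.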
