Creating your own exploit list
Ekultek edited this page Jan 14, 2019 · 3 revisions
To create your own module list you need to know the basics of how JSON works. It is simple: all you need is the key "exploits" and an array of module paths. For example:
{
    "exploits": [
        "exploit/multi/http/cups_bash_env_exec",
        "exploit/multi/vnc/vnc_keyboard_exec",
        "exploit/multi/http/apache_activemq_upload_jsp",
        "exploit/multi/http/apache_jetspeed_file_upload",
        "exploit/multi/http/apache_mod_cgi_bash_env_exec",
        "exploit/multi/http/apache_roller_ognl_injection",
        "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli",
        "exploit/multi/http/struts2_code_exec_showcase",
        "exploit/multi/http/struts2_content_type_ognl",
        "exploit/multi/http/struts2_rest_xstream",
        "exploit/multi/http/struts_code_exec",
        "exploit/multi/http/struts_code_exec_classloader",
        "exploit/multi/http/struts_code_exec_exception_delegator",
        "exploit/multi/http/struts_code_exec_parameters",
        "exploit/multi/ssh/sshexec"
    ]
}
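Let's break this down (the # annotations are explanatory only; JSON has no comment syntax, so leave them out of a real file):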
{
    "exploits":                                      # this is the key
    [                                                # start the array
        "exploit/multi/http/cups_bash_env_exec",     # add all your exploits
        "exploit/multi/vnc/vnc_keyboard_exec",
        "exploit/multi/http/apache_activemq_upload_jsp",
        "exploit/multi/http/apache_jetspeed_file_upload",
        "exploit/multi/http/apache_mod_cgi_bash_env_exec",
        "exploit/multi/http/apache_roller_ognl_injection",
        "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli",
        "exploit/multi/http/struts2_code_exec_showcase",
        "exploit/multi/http/struts2_content_type_ognl",
        "exploit/multi/http/struts2_rest_xstream",
        "exploit/multi/http/struts_code_exec",
        "exploit/multi/http/struts_code_exec_classloader",
        "exploit/multi/http/struts_code_exec_exception_delegator",
        "exploit/multi/http/struts_code_exec_parameters",
        "exploit/multi/ssh/sshexec"
    ]                                                # close the array
}                                                    # close the JSON
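A checker for list files in this format, as an added example that is not part of AutoSploit; the name `check_exploit_list` and the module-path pattern are assumptions of this example. It reports a wrong top-level key, malformed or duplicate entries, and files that still carry `#` annotations.

```python
import json
import re

# Assumed shape of a module path: "exploit" followed by one or more
# "/segment" parts made of lowercase letters, digits and underscores.
# This pattern is an assumption of this example, not taken from AutoSploit.
MODULE_PATH = re.compile(r"exploit(/[a-z0-9_]+)+")


def check_exploit_list(text):
    """Return a list of problems found in a module-list document (empty if none)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        # Strict JSON has no comments, so "#" annotations are rejected here.
        return [f"not valid JSON (line {err.lineno}): {err.msg}"]
    if not isinstance(doc, dict) or "exploits" not in doc:
        return ['top level must be an object with the key "exploits"']
    modules = doc["exploits"]
    if not isinstance(modules, list):
        return ['"exploits" must be an array']
    problems, seen = [], set()
    for index, entry in enumerate(modules):
        if not isinstance(entry, str):
            problems.append(f"entry {index}: not a string")
        elif not MODULE_PATH.fullmatch(entry):
            problems.append(f"entry {index}: unexpected path format: {entry!r}")
        elif entry in seen:
            problems.append(f"entry {index}: duplicate of {entry!r}")
        else:
            seen.add(entry)
    return problems


# Constructed samples, built from module paths that appear on this page.
CLEAN = '{"exploits": ["exploit/multi/ssh/sshexec", "exploit/multi/http/struts_code_exec"]}'
ANNOTATED = '{\n"exploits": # this is the key\n["exploit/multi/ssh/sshexec"]\n}'
FLAWED = ('{"exploits": ["exploit/multi/ssh/sshexec", "exploit/multi/ssh/sshexec", '
          '" exploit/multi/http/struts_code_exec", 7]}')

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("annotated", ANNOTATED), ("flawed", FLAWED)):
        print(name, check_exploit_list(sample) or "ok")
```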
AutoSploit comes with a built-in tool that converts a text file into a JSON file. All you need is a text file containing the exploit paths, one per line:
exploit/multi/http/struts_code_exec
exploit/multi/http/struts_code_exec_classloader
exploit/multi/http/struts_code_exec_exception_delegator
exploit/multi/http/struts_code_exec_parameters
exploit/multi/ssh/sshexec
...
Save it wherever you want and pass the -E/--exploit-file argument. This will convert the text file into a JSON file and save it for future use.