Add documentation

GSoC/Meterpreter_Web_Console
HD Moore 2018-05-05 15:48:44 -05:00
parent e775a97ae2
commit a1092fcfd7
1 changed files with 26 additions and 0 deletions

@ -0,0 +1,26 @@
This module exploits a chain of vulnerabilities in Palo Alto Networks products running
PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using
an authentication bypass flaw to to exploit an XML injection issue, which is then
abused to create an arbitrary directory, and finally gains root code execution by
exploiting a vulnerable cron script. This module uses an initial reverse TLS callback
to stage arbitrary payloads on the target appliance.
## Vulnerable Application
This exploit was specifically written against PAN-OS 7.1.0 runing in a QEMU (kvm) virtual machine.
This VM is not generally available, but the specific disk image used was `PA-VM-KVM-7.1.0.qcow2`.
## Verification Steps
1. Start msfconsole
2. ```use exploit/linux/http/panos_readsessionvars```
4. ```set RHOST [IP]```
7. ```exploit```
8. You should get a session (eventually)
## Options
**CBHOST** The callback listener address if the default is not accurate (port forwarding, etc)
**CBPORT** The callback listener port
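
Review bot: The Verification Steps list is numbered 1, 2, 4, 7, 8, which reads as if steps were dropped during editing; renumber it, or restore the missing steps if they were meant to cover settings the module needs. The Options section documents CBHOST and CBPORT "if the default is not accurate" but never says what the defaults are, and the steps never mention them, so a reader behind port forwarding cannot tell when to set them. State the default values and add a step for them. In the description, "to to exploit" has a doubled word, and "runing" under Vulnerable Application should be "running". Step 8's "(eventually)" would be more useful with a rough expected wait, since the description says code execution depends on a cron script.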