-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Junos OS PHPRC: Added features for interactive ssh jailbreak #19229
Conversation
…gin, working timeouts
This was tested with Junos OS 23.2R1.13, 20.2R3.9 and a very old version 12.3R11.2 |
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
acd9872
to
c7509d0
Compare
Per the linting failure:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @softScheck thanks for the enhancement! It's much appreciated. I've created an account at juniper.net in hopes to download the older version 12.3R11.2
for testing and verification purposes. I got an email saying my request is being processed and that it might take some time. If you know where I might be able to find a copy of the older version if you could email any info to msfdev@metasploit.com that would be greatly appreciated!
Final testing 👌 Target: Interactive SSH with jail breakCreate session
Steal session
Steal session + set ssh root login to allow
Steal session + Old Hash Format
Target: PHP In-Memoryphp meterpreter
|
Release NotesThe junos_phprc_auto_prepend_file module used to depend on having a user authenticated to the J-Web application to steal the necessary session tokens in order to exploit. With this enhancement the module will now create a session if one doesn't exist. Also it adds datastore options to change the hash format to be compatible with older version as well an option to attempt to set ssh root login to true before attempting to establish a root ssh session. |
This pull request adds several features:
login.php
to create this session on the device.SECUREPHPSESSID
additionally that is used if SSL is enabled.