authenticated arbitrary code execution exploit in pfsense community edition <= 2.2.6
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Authenticated Arbitrary Code Execution on pfSense <= 2.2.6


pfSense Community Edition firewall version 2.2.6 and below is vulnerable to arbitrary code execution exploit as an authenticated non-administrative user. The initial advisory came from Security Assessment in April 2016, however until very recently there was not a public exploit for this vulnerability. This is my version of this exploit.

You can read about the research and development process on my blog post about the exploit.

php reverse shell payload


meterpreter staged payload



This exploit can use either a pure PHP reverse shell or a meterpreter staged payload

nc reverse shell

python3 nc

meterpreter staged payload

python3 msf

variables to set

set these variables (in the source code) to their appropriate values for your exploitation

username = 	"admin" 			# default is admin
password = 	"pfsense"			# default is pfsense
listener_ip = 	""
listener_port = "4444"
target_ip = 	""
proxied_url = 	""	# if you want to proxy