Sunday, July 19, 2020
Wednesday, July 8, 2020
Exploiting Webmin 1.890 through cURL
In a recent CTF, I came across a legacy version of Webmin with a Metasploit module. I prefer to do things without Metasploit, so decided to use cURL.
In the above, you can see that Webmin is running by the page title - "Login to Webmin" and the version - "Server: MiniServ/1.890"
This specific version of Webmin has a backdoor with an associated Metasploit Module. The exploit looked easy enough, so I decided to do it manually.
Basic code execution.
We're already root...
And there's the flag. I won't cat it in this post, but there you go.
In the above, you can see that Webmin is running by the page title - "Login to Webmin" and the version - "Server: MiniServ/1.890"
This specific version of Webmin has a backdoor with an associated Metasploit Module. The exploit looked easy enough, so I decided to do it manually.
Basic code execution.
We're already root...
And there's the flag. I won't cat it in this post, but there you go.
Subscribe to:
Posts
(
Atom
)