Wednesday, July 8, 2020

Exploiting Webmin 1.890 through cURL

In a recent CTF, I came across a legacy version of Webmin with a Metasploit module. I prefer to do things without Metasploit, so decided to use cURL.



    • In the above, you can see that Webmin is running by the page title - "Login to Webmin" and the version - "Server: MiniServ/1.890"

    This specific version of Webmin has a backdoor with an associated Metasploit Module. The exploit looked easy enough, so I decided to do it manually.



    • Basic code execution.



    • We're already root...



    • And there's the flag. I won't cat it in this post, but there you go.
    Posted by at

    No comments :

    Post a Comment

    Subscribe to: Post Comments ( Atom )