Posts

Showing posts with the label metasploit hacking

Hacking NAGIOS XI RCE vulnerability with Metasploit

Good morning friends. Today we will see about hacking Nagios with Metasploit. Nagios, also known as Nagios Core, is a free and open source software application used to monitor systems, networks and infrastructure. It offers monitoring and alerting services for servers, switches, applications and services. It also alerts users when things go wrong and alerts them a second time when the problem has been resolved. Nagios XI versions 5.2.7 and below suffer from SQL injection, auth bypass, file upload, command injection, and privilege escalation vulnerabilities. This exploit uses all these vulnerabilities to get a root shell on the victim’s machine. Now let’s see how this exploit works. Start Metasploit and load the module as shown below. Let us set a new payload as shown below. Set the target IP address as shown below. Use the “check” command to see whether our target is vulnerable as shown below. If our target is vulnerable, type the command “run” to execute our exploit. If ever…

IPFire firewall hacking with Metasploit

Good evening friends. Firewalls are one of the most important components in the security of a network. Vulnerabilities in firewalls can be more serious. Today we will see one such vulnerability. IPFire is an open source firewall, router and VPN built from LFS (Linux From Scratch). All versions of this firewall below 2.19 suffer from an RCE vulnerability in the proxy.cgi page. Today we will see how to exploit this vulnerability with Metasploit. This vulnerability can be exploited only if credentials are known. So all users with credentials that can be guessed easily are vulnerable. Start Metasploit, load the exploit and check the options required. Type the command “show payloads” to see all the payloads. Set the required payload. Set the required options as shown below. As already said, we need the credentials and of course the target IP address. After all the options are set, use the “run” command to execute the exploit. We will get the target’s shell as shown be…