CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/unix/http/maltrail_rce.md
Views: 1904
Vulnerable Application
Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. The Maltrail versions <= 0.54 is suffering from a command injection vulnerability. The subprocess.check_output
function in mailtrail/core/http.py
contains a command injection vulnerability in the params.get("username")
parameter. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication.
This issue was discovered and reported by Chris Wild @briskets. Check here for the original report.
Testing
For installing the vulnerable version follow the steps below,
Follow the manual installation steps given here
After cloning the git project, simply do
git checkout 0.53
and proceed with the rest of the steps.
After these steps the Maltrail web interface will be exposed on the http://<target>:8338/
.
Verification Steps
msfconsole
Do:
use exploit/unix/http/maltrail_rce
Do:
set RHOST [IP]
Do:
set LHOST [IP]
Do:
run