
Liki4 Liki4

@milo2012
milo2012 / CVE-2017-15944.md
Last active June 22, 2023 08:07
CVE-2017-15944.md

Description

I encountered a situation where the target running PAN-OS was vulnerable to CVE-2017-15944 but I was unable to exploit it using Metasploit.

The issue with exploiting CVE-2017-15944

One technique for exploiting CVE-2017-15944 is to create a file under /opt/pancfg/mgmt/logdb/traffic/1/*, which gets processed by the cron job (/etc/cron.d/indexgen -> /usr/local/bin/genindex_batch.sh). Metasploit uses this technique.

The article at https://tinyhack.com/2019/01/10/alternative-way-to-exploit-cve-2017-15944-on-pan-os-6-1-0/ mentions that it might be impossible to exploit CVE-2017-15944 as the script is already running. The article mentions that the cron job (/etc/cron.d/core_compress -> /usr/local/bin/core_compress) is also vulnerable to command injection.

@itewqq
itewqq / vscode-for-linux-kernel.md
Created February 19, 2023 14:37
Configure vscode for linux kernel source code
  1. Disable or uninstall the official C/C++ plugin.
  2. Install the clangd plugin.
  3. Build the kernel with clang:
/path/to/kernel_source$ make CC=clang defconfig
/path/to/kernel_source$ make CC=clang -j16
  4. Generate the compile_commands.json:
/path/to/kernel_source$ python ./scripts/clang-tools/gen_compile_commands.py

first-time boot

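# set SELinux to permissive mode and disable firewalld
sudo sed -i 's/^SELINUX=.*$/SELINUX=permissive/' /etc/selinux/config
sudo systemctl disable firewalld
# uncomment the %wheel entries in sudoers (this also enables a commented NOPASSWD line, if present)
sudo sed -i 's|# %wheel|%wheel|g' /etc/sudoers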

sudo reboot
@Esonhugh
Esonhugh / README.md
Last active April 28, 2025 15:30
Bloodhound Kubernetes Configuration

Bloodhound as a service (Kubernetes Deployments/Docker Compose)

Usage

  1. Change password (default password: default_admin_passwords)
  2. Change user (default user: esonhugh)
  3. Change ingress host name to your team server
  4. Deploy it!
  5. kubectl apply -f deployment-service.yaml -f ingress.yaml -f configmap.yaml # -n <change namespace you deploy>
  6. Use pipx install git+https://github.com/exploide/bloodhound-cli.git