POC of Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) | CVE-2018-8733

Introduction:-
A new exploit (CVE-2018-8733) has been published that is capable of exploiting Nagios XI versions 5.2.6 to 5.4.12. Nagios is available on all platforms, so I downloaded the Nagios virtual machine, version 5.4.10, for my lab. I downloaded the exploit from www.exploit-db.com, pasted it into the “exploit” subdirectory of the Metasploit Framework and initialised the database; alternatively, you can easily update the Metasploit Framework by updating the OS.
About Nagios XI:-
Nagios is the most powerful, trusted, free and open source software application for network monitoring, server monitoring, application monitoring and monitoring of the entire infrastructure, ensuring that systems, applications, services and business processes are functioning properly. It is an easy-to-configure package with advanced alerting and reporting.

Lab environment:-
Software:- VMware Workstation Pro
Vulnerable machine (victim):- nagiosxi-5.4.10-64.ova
Attacker's machine:- Linux kali 4.14.0-kali3-amd64 #1 SMP Debian 4.14.12-2kali1 (2018-01-08) x86_64 GNU/Linux

Step 1:-
I downloaded the .ova file of Nagios XI and imported it into VMware Workstation Pro.
Step 2:-
Search for IPs using arp-scan --local from my Kali (attacker's) machine and get the IP of the Nagios host (arp-scan --local is a command that shows the IPs of the nodes on the same network).
Step 3:-
Then use nmap for more reconnaissance of that IP. We found that there are 3 open ports: port 22 (SSH), port 80 (HTTP) and port 443 (HTTPS).
Step 4:-
Open msfconsole and search for nagios. We get the exploit (exploit/unix/44969).
Step 5:-
Use that exploit and fill in all the requirements for the exploitation (SET RHOST, SET LHOST, SET TARGET).
Step 6:-
Then type “Run” to gain access to the victim's machine, and I get the Meterpreter. Now the attacker can do anything they want on the victim's machine.
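
For defenders, the affected range given in the introduction (5.2.6 to 5.4.12) can be checked against an inventory of monitoring hosts. The script below is an added example, not part of the original post or of the exploit; the host names, the "host version" line format and the sample versions are constructed assumptions.

```python
import re

# Affected range as stated on this page (title and introduction), treated as inclusive.
AFFECTED_MIN = (5, 2, 6)
AFFECTED_MAX = (5, 4, 12)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) from e.g. 'nagiosxi-5.4.10-64.ova', or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True/False for a parsable version, None when no version can be read."""
    v = parse_version(version_text)
    if v is None:
        return None
    # Integer tuples compare numerically, so 5.4.10 sorts after 5.4.9
    # (a plain string comparison would get this wrong).
    return AFFECTED_MIN <= v <= AFFECTED_MAX

def triage(inventory_lines):
    """Split 'host version' lines into affected, not_affected and unknown hosts."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(" ")
        verdict = is_affected(version_text)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result

# Constructed inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = """
# host version
mon-lab-01 nagiosxi-5.4.10-64.ova
mon-lab-02 5.4.12
mon-lab-03 5.4.13
mon-lab-04 5.2.5
mon-lab-05 5.3.0
mon-lab-06 unknown
""".splitlines()

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual version check before they are treated as unaffected.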

