A few weeks ago, when I was playing a bit with FortiGate machines, I decided to check the FortiADC VM (downloaded here). After a while I found an interesting "feature" that can be used to achieve ('limited' AFAIK ;)) postauth RCE. Below you'll find a few notes about it. Here we go...
Today we'll start here:
This time to prepare my environment I used:
- Ubuntu 22 VM
If your LAB is ready to go - we can continue and move forward.
A postauth (admin) user will see the Shared Resources tab. Let's go there:
Now - in Health Check Script - we can add/modify a bash script. :) Let's try:
Once we save our health script, we can move on (via Health Check, to add our new_check if needed) to Health Check Monitor to prepare our script to run. For example:
Basic results presented below:
Now. If you're looking for a-live files ;) - it should be easier to grab them, right?
Remember to use 'Script' type as your health-check:
(Use only for legal purposes.)
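Seen from the defender's side, the scripts saved under Health Check Script can be reviewed against an allowlist of commands a probe is expected to call. The sketch below is an added example, not part of the original post or of any Fortinet tooling; it assumes the script bodies were copied out of the GUI as plain text, and the allowlist, script names and sample bodies are constructed for illustration.

```python
import re
import shlex

# Assumption: the only commands a legitimate probe on this box should call.
ALLOWED = {"curl", "nc", "ping", "echo", "exit", "test", "[", "grep", "sleep"}
# Shell keywords that precede a command instead of being one.
KEYWORDS = {"if", "then", "else", "elif", "fi", "do", "done", "while", "until", "!"}
# Command separators; '&' inside redirections such as 2>&1 is not one.
SEPARATORS = re.compile(r"\|\||&&|;|\||(?<![<>])&")

def command_names(script):
    """Yield (line_no, name) for every simple command found in a bash script."""
    for no, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "$(" in line or "`" in line:
            # Nested commands hide from a word-level parser: report the line.
            yield no, "<command substitution>"
            continue
        for segment in SEPARATORS.split(line):
            try:
                words = shlex.split(segment, comments=True)
            except ValueError:
                # Unbalanced quotes after splitting: fail closed.
                yield no, "<unparsable>"
                continue
            while words and (words[0] in KEYWORDS or re.fullmatch(r"\w+=.*", words[0])):
                words.pop(0)
            if words:
                yield no, words[0]

def audit(scripts):
    """Map script name -> [(line_no, command)] for commands off the allowlist."""
    report = {}
    for name, body in scripts.items():
        findings = [(no, cmd) for no, cmd in command_names(body) if cmd not in ALLOWED]
        if findings:
            report[name] = findings
    return report

# Constructed sample input: two script bodies as an admin might save them.
SAMPLE = {
    "http_probe": 'curl -s -o /dev/null "http://192.0.2.10/health" && exit 0\nexit 1\n',
    "new_check": "#!/bin/bash\nping -c 1 192.0.2.10 > /dev/null\n"
                 "id > /tmp/out.txt\ncat /etc/hostname | grep -q adc\n",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for no, cmd in findings:
            print(f"{name}:{no}: command outside allowlist: {cmd}")
```

Anything the word-level parser cannot classify is reported rather than skipped, so a flagged line means "read this script by hand", not "this script is malicious".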
Have fun and if you enjoyed it - let me know in the comments below what you think about it. ;)
Thanks and see you soon!
Cheers,