Saturday, 14 June 2025

Palo Alto PostAuth CLI memory corruption bug - Metasploit module

A few days ago I posted some notes about the bug found in January in the Palo Alto VM. Today you'll find some details about a working PoC for Metasploit created for this bug. Here we go...

Today we'll start here:
 
To (re)create "our environment", follow the notes in the post published a few days ago.

Once everything is prepared correctly, we can add our 'Palo Alto Metasploit module' to the other modules in the Kali VM, using this command:
mkdir -p ~/.msf4/modules/auxiliary/dos/paloalto/

Save your PoC module in this file:
vim ~/.msf4/modules/auxiliary/dos/paloalto/cli_crash_postauth.rb

In Metasploit, type the command reload_all to refresh the list of available modules.

Now we should be ready to search for "our module", like this:
 

Once you have prepared all the settings for this module (so basically: RHOSTS and PASSWORD), you should be ready to run it against your Palo Alto VM:


Starting the module:
 

After a while you should see a final message:

Verifying the attack on the Palo Alto VM - you should now see results similar to those presented on the screen below:


Remember to use it only for legal purposes and pentests and feel free to develop it for educational purposes. ;)

Have fun!

Cheers
