Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) | CVE-2018-8733 | Lucideus

Introduction
Difficulty: Easy
A new exploit (CVE-2018-8733) has been published that can exploit Nagios XI versions 5.2.6 to 5.4.12. Nagios is available on all platforms, so we downloaded the Nagios virtual machine, version 5.4.10, for the lab. We then downloaded the exploit from www.exploit-db.com, pasted it into the “exploit” subdirectory of the Metasploit Framework, and initialised the database. Alternatively, you can update metasploit-framework by updating the OS.

About Nagios XI
Nagios is the most powerful, trusted, free and open source software application for network monitoring, server monitoring, application monitoring and monitoring of the entire infrastructure, ensuring that systems, applications, services and business processes are functioning properly. It is an easy-to-configure package with advanced alerting and reporting.

Lab Environment
Software: VMware Workstation Pro
Vulnerable machine (victim): nagiosxi-5.4.10-64.ova
Attacker's machine: Linux kali 4.14.0-kali3-amd64 #1 SMP Debian 4.14.12-2kali1 (2018-01-08) x86_64 GNU/Linux

Step 1: We downloaded the .ova file of Nagios XI and imported it into VMware Workstation.



Step 2: Search for IPs using arp-scan --local from our Kali (attacker's) machine to get the IP of the Nagios host (arp-scan --local is the command that shows the IPs of the nodes on the same network).

Step 3: Then use nmap for further reconnaissance of that IP. We found three open ports: port 22 (SSH), port 80 (HTTP) and port 443 (HTTPS).

Step 4: Open msfconsole and search for Nagios. We get the exploit (exploit/unix/44969).

Step 5: Use that exploit and fill in all the options required for exploitation (SET RHOST, SET LHOST, SET TARGET).

Step 6: Then type “Run” to gain access to the victim’s machine, and we get a Meterpreter session. Now the attacker can do anything they want on the victim’s machine.
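
On the defensive side, the affected range given in the introduction (5.2.6 to 5.4.12) can be checked against an inventory of Nagios XI installs. The following is an added example, not part of the original post: the function names are hypothetical, and the hostnames and version strings are constructed, apart from the lab image name taken from this page.

```python
import re

# Affected range as stated on this page for CVE-2018-8733 (inclusive).
AFFECTED_MIN = (5, 2, 6)
AFFECTED_MAX = (5, 4, 12)

_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first x.y.z triple in a version string or filename, else None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True/False for a parsed version, None when the version is unknown."""
    v = parse_version(text)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def triage(inventory):
    """Split {host: version_string} into affected, ok and unknown host lists."""
    result = {"affected": [], "ok": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        verdict = is_affected(raw)
        key = "unknown" if verdict is None else ("affected" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE = {
    "mon-lab": "nagiosxi-5.4.10-64.ova",   # the lab image used on this page
    "mon-a": "5.2.5",
    "mon-b": "Nagios XI 5.2.6",
    "mon-c": "5.4.12",
    "mon-d": "5.4.13",
    "mon-e": "5.10.0",                      # numeric compare: 10 > 4, outside range
    "mon-f": "xi-latest",                   # no x.y.z triple: needs manual review
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples rather than strings, so 5.10.0 is not mistaken for a release below 5.4.12, and hosts whose version cannot be parsed are reported separately instead of being assumed safe.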
