This is a new module addressing an old vulnerability in OpenMediaVault, an open-source NAS solution. The vulnerability exists in all OpenMediaVault versions starting from 0.1 until the recent release 7.4.2-2, and it allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. I created a Metasploit module, unix/webapp/openmediavault_auth_cron_rce, that has been released in the main stream of Metasploit.

Announcement will follow shortly.
