Vulnerability & Exploit Database

Back to search

Pandora FMS Remote Code Execution

This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023/TCP. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password by default, which makes it possible to su to this user from the "pandora" user. The "artica" user has access to sudo without a password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 and lower force a password for the "artica" user during installation.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/pandora_fms_exec

Authors

  • xistence <xistence [at] 0x90.nl>

Targets

  • Pandora 5.0RC1

Platforms

  • unix

Architectures

  • cmd

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/pandora_fms_exec msf exploit(pandora_fms_exec) > show targets ...targets... msf exploit(pandora_fms_exec) > set TARGET <target-id> msf exploit(pandora_fms_exec) > show options ...show and set options... msf exploit(pandora_fms_exec) > exploit