module

Pi-Hole Remove Commands Linux Priv Esc

Disclosed	Created
2021-04-20	2021-07-29

Disclosed

2021-04-20

Created

2021-07-29

Description

Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,
removecustomdns, and removestaticdhcp functions without properly validating
the parameters before passing to sed. When executed as the www-data user,
this allows for a privilege escalation to root since www-data is in the
sudoers.d/pihole file with no password.

Authors

h00die
Emanuele Barbeno emanuele.barbeno@compass-security.com

Platform

Linux,Unix

Architectures

cmd

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/linux/local/pihole_remove_commands_lpe
    msf exploit(pihole_remove_commands_lpe) > show targets
        ...targets...
    msf exploit(pihole_remove_commands_lpe) > set TARGET < target-id >
    msf exploit(pihole_remove_commands_lpe) > show options
        ...show and set options...
    msf exploit(pihole_remove_commands_lpe) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today