module

Pi-Hole heisenbergCompensator Blocklist OS Command Execution

Disclosed	Created
May 10, 2020	May 18, 2020

Disclosed

May 10, 2020

Created

May 18, 2020

Description

This exploits a command execution in Pi-Hole update is forced (gravity) to pull in the blocklist content. PHP content is then written
to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter,
effectively running a priv esc. Phase 2 writes our payload to teleporter.php, overwriting,
the content. Lastly, the phase 1 PHP file is called in the web root, which launches
our payload in teleporter.php with root privileges.

Authors

h00die
Nick Frichette

Platform

PHP

Architectures

php

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/unix/http/pihole_blocklist_exec
    msf exploit(pihole_blocklist_exec) > show targets
        ...targets...
    msf exploit(pihole_blocklist_exec) > set TARGET < target-id >
    msf exploit(pihole_blocklist_exec) > show options
        ...show and set options...
    msf exploit(pihole_blocklist_exec) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report