module
NorthStar C2 XSS to Agent RCE
| Disclosed | Created |
|---|---|
| 03/12/2024 | 05/21/2024 |
Disclosed
03/12/2024
Created
05/21/2024
Description
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is
vulnerable to a stored xss.
An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session.
With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts
(agents), and kill the original agent.
Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on
Ubuntu 22.04. The agent was running on Windows 10 19045.
vulnerable to a stored xss.
An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session.
With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts
(agents), and kill the original agent.
Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on
Ubuntu 22.04. The agent was running on Windows 10 19045.
Authors
h00diechebuya
Platform
Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/http/northstar_c2_xss_to_agent_rce
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.