Rapid7 Vulnerability & Exploit Database

Haserl Arbitrary File Reader

Back to Search

Haserl Arbitrary File Reader

Created
04/09/2021

Description

This module exploits haserl prior to 0.9.36 to read arbitrary files. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking.

Author(s)

  • Julien (jvoisin) Voisin
  • Ike Broflovski

Platform

Linux

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;