Nagios Expoit Video PoC
Nagios Core < 4.2.2 Curl Cmd Injection / Remote Code Execution (CVE-2016-9565)
Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker using the CVE-2016-9565 vulnerability in Nagios, could gain access to the Nagios server in the context of www-data/nagios user and escalate their privileges to root by exploiting the Root Privilege Escalation vulnerability CVE-2016-9566.
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
Discovered by
Dawid Golunski
Follow @dawid_golunski
https://legalhackers.com
Description:
The video below demonstrates how an attacker using the CVE-2016-9565 vulnerability in Nagios, could gain access to the Nagios server in the context of www-data/nagios user and escalate their privileges to root by exploiting the Root Privilege Escalation vulnerability CVE-2016-9566.
To receive updates on this as well as new vulnerabilities:
Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into
HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://legalhackers.com
Description:
The video below demonstrates how an attacker using the CVE-2016-9565 vulnerability in Nagios, could gain access to the Nagios server in the context of www-data/nagios user and escalate their privileges to root by exploiting the Root Privilege Escalation vulnerability CVE-2016-9566.
To receive updates on this as well as new vulnerabilities: Follow @dawid_golunski
~~~~~~~~~~~ ExploitBox.io ~~~~~~~~~~~~~~~~
Interested in security / vulns / exploits ?
Check out the new project of the author of this advisory:
ExploitBox.io
A Playground & Labs for security folks into HACKING &AMp;
the art of exploitation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~