dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/exploit/unix/http/pfsense_clickjacking.md

671 B
Raw Permalink Blame History

Vulnerable Application

This vulnerability affects any pfSense versions prior to 2.4.2-RELEASE.

Vulnerable Setup

The victim should be able to access the WebGUI & must be logged in as admin in order for this exploit to work. Possibly the WebGUI's TLS certificate must be trusted in the browser.

Verification Steps

  1. use exploit/unix/http/pfsense_clickjacking
  2. set TARGETURI https://<ip WebGUI>
  3. exploit
  4. Browse to the URL returned by MSF
  5. Click anywhere on the returned page
  6. Note that a new Meterpreter sessions was started.

Options

TARGETURI

The base path of the WebGUI. The default base path is https://192.168.1.1/