Jump to content

Hak5 Wifi Pineapple RCE PoC By 1N3


1N3
 Share

Recommended Posts

As a pentester, I find myself checking random fields and forms for arbitrary code execution and came across a code execution flaw in the log viewer infusion for the Pineapple. This isn't technically a vulnerability since you need to be logged in as root but it's still un-intended functionality resulting in arbitrary code execution.... Regardless of the impact, I enjoy finding things like this so here it is... enjoy!

https://www.youtube.com/watch?v=I_i2RhfB-Z8

Link to comment
Share on other sites

Yeah, we are going over all the inputs and fixing them.

Of course, as you said, you need root access to the WiFi Pineapple for this to work.

As an attacker, it would be better to just SSH in or use the "execute commands" field in the configuration infusion.

We appreciate any feedback we get!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...