# pfBlockerNG <= 2.1.4_26 Unauth RCE

This script is a proof-of-concept exploit for pfBlockerNG <= 2.1.4_26 that allows for remote code execution. It takes a single target URL or a list of URLs, uploads a shell, executes a command, and then deletes the shell.

## Requirements

This script requires Python 3.x and the requests and concurrent.futures modules to be installed. You can install these modules by running:

pip3 install requests concurrent.futures
pip3 install -r requirements.txt
## Usage

usage: [-h] [-c COMMAND] [-l LIST] [-i IP] [-t THREADS] [-o OUTPUT]

pfBlockerNG <= 2.1.4_26 Unauth RCE

  -h, --help            show this help message and exit
  -c COMMAND, --command COMMAND
                        Console Command ('id')
  -l LIST, --list LIST  List of targets (list.txt)
  -i IP, --ip IP        Base target uri (ex. http://target-uri/)
  -t THREADS, --threads THREADS
                        Number of threads for mass scan
  -o OUTPUT, --output OUTPUT
                        Output file (vuln.txt)


## Single Target

To exploit a single target, use the `-i` or `--ip` flag and specify the base URL or IP Address:

python3 -i http://target-uri/ -c 'id'

## Multiple Targets

To scan a list of targets, use the `-l` or `--list` flag and specify the path to the list:

python3 -l list.txt -c 'id' -t 50

The `-t` or `--threads` flag can be used to specify the number of threads to use for the scan.

## Output

If the `-o` or `--output` flag is specified, the list of vulnerable targets will be written to a file:

python3 -l list.txt -c 'id' -o vuln.txt

## Shodan Dork:

http.title:"pfSense - Login" "Server: nginx" "Set-Cookie: PHPSESSID="
## โš ๏ธ  Disclaimer

> This script is for educational purposes only. Use at your own risk.