## https://sploitus.com/exploit?id=EEAEFFD5-4AD6-5450-8682-2518F6914DD7
# pfSense 2.7.0 Command Injection Exploit (CVE-2023-48123)
This Python script is a Proof-of-Concept (PoC) exploit for the command injection vulnerability (CVE-2023-48123) in pfSense CE 2.7.0 and pfSense Plus 23.05.1. The vulnerability allows authenticated attackers to inject and execute arbitrary commands via the `diag_packet_capture.php` component.
## Features
- Command injection capability to run arbitrary shell commands.
- Netcat reverse shell handling with automatic thread management.
- Debug mode for enhanced visibility of request data.
## Prerequisites
Before running the script, make sure you have:
- Python 3.x installed on your system.
- Run `pip install -r requirements.txt` to make sure the dependencies are satisfied.
- Add a `.env` file with the required variables (explained below) to the project's directory.
## Usage
### Basic Example (Command Injection)
This command runs the exploit and executes the command you specified in the `.env` file:
```bash
python3 exploit.py
```
#### .env variables
- `username` --> Username for pfSense admin login
- `password` --> Password for pfSense admin login
- `target` --> Target pfSense IP (e.g., http://10.101.1.1)
- `interface` --> Interface on which to capture packets (e.g., em0)
- `command` --> Command to inject
- `debug` --> Enable debug mode to print response data (True or False)
- `insecure` --> Allow insecure server connections when using SSL (True or False)
### Example Output
When the exploit runs successfully, you should see output similar to this:
```bash
[2024-10-24 03:57:59] [SUCCESS] Target http://10.101.1.1 is reachable
[2024-10-24 03:57:59] [INFO] Fetching CSRF token from: http://10.101.1.1/
[2024-10-24 03:57:59] [SUCCESS] CSRF token extracted successfully
[2024-10-24 03:57:59] [INFO] Sending exploit request to http://10.101.1.1/diag_packet_capture.php
[2024-10-24 03:57:59] [SUCCESS] Exploit sent successfully
```
### Notes
- **Privilege Requirement**: You must have valid user credentials for the pfSense instance.
- **Target System**: This exploit is specific to pfSense CE 2.7.0 and pfSense Plus 23.05.1. Note that **it does not affect earlier versions**.
- **Reverse Shell**: Ensure your firewall settings allow incoming connections on the specified port when setting up a reverse shell.
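From the defender's side, the two facts above that matter are the affected versions and the entry point: the vulnerable request is an authenticated POST to `diag_packet_capture.php`, so a review of the web server's access log for POSTs to that page from hosts that are not your usual administration workstations is a cheap triage step. The following is an added example written for this README, not part of the exploit project; it assumes the log under review is in Combined Log Format (an assumption, not something the page states), and the log lines it runs on are constructed here for illustration.

```python
import re
from dataclasses import dataclass

# Combined Log Format parser. ASSUMPTION: the access log being reviewed uses this
# format; adjust the pattern if your logging setup differs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The page abused by CVE-2023-48123 (taken from the README above).
VULNERABLE_PATH = "/diag_packet_capture.php"


@dataclass
class Finding:
    ts: str
    src: str
    user: str
    method: str
    status: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_packet_capture_requests(lines, trusted_sources=()):
    """Flag POST requests to the packet-capture page from any source that is not
    in trusted_sources (e.g. the addresses of known admin workstations).
    GET requests to the page are normal UI navigation and are not flagged."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if path != VULNERABLE_PATH or rec["method"] != "POST":
            continue
        if rec["src"] in trusted_sources:
            continue
        findings.append(Finding(rec["ts"], rec["src"], rec["user"],
                                rec["method"], rec["status"]))
    return findings


# Constructed sample log lines (not real pfSense logs): one scripted POST from an
# unexpected host, one POST from a known admin workstation, one ordinary GET, and
# one malformed line.
SAMPLE_LOG = [
    '10.101.1.50 - - [24/Oct/2024:03:57:59 +0000] "GET / HTTP/1.1" 200 5123 "-" "-"',
    '10.101.1.50 - - [24/Oct/2024:03:57:59 +0000] "POST /diag_packet_capture.php HTTP/1.1" 200 3410 "-" "-"',
    '10.101.1.10 - - [24/Oct/2024:04:02:11 +0000] "POST /diag_packet_capture.php HTTP/1.1" 200 3410 "-" "-"',
    '10.101.1.50 - - [24/Oct/2024:04:05:00 +0000] "GET /diag_packet_capture.php HTTP/1.1" 200 3410 "-" "-"',
    "this line is not a valid access-log entry",
]

if __name__ == "__main__":
    for f in find_packet_capture_requests(SAMPLE_LOG, trusted_sources={"10.101.1.10"}):
        print(f"{f.ts} POST to {VULNERABLE_PATH} from {f.src} (status {f.status})")
```

Run against the constructed sample with `10.101.1.10` marked as trusted, only the POST from `10.101.1.50` is reported. A hit is not proof of exploitation, since the page is also used legitimately, but a POST to it from a host that never administers the firewall, on a CE 2.7.0 or Plus 23.05.1 install, is worth pulling the session details for.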
### Debug Mode
If you want to see more details about the requests being sent, enable debug mode by setting the `debug` variable to `True` in the `.env` file. This prints the response data and helps you troubleshoot any issues.
## Troubleshooting
- Ensure the target system is reachable.
- Double-check the credentials being used for login.
- Use the debug mode for more detailed logging if needed.
## Disclaimer
This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
## License
This project is licensed under the MIT License.