Skip to content

A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole

Notifications You must be signed in to change notification settings

AndreyRainchik/CVE-2020-8816

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2020-8816

A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole.

This script uses the techniques found by François Renaud-Philippon to achieve remote code execution on a Pi-hole running a web interface version less than 4.3.3. The exploit requires the path for the www-data user to be /opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.

> python3 .\CVE-2020-8816.py -h
usage: CVE-2020-8816.py [-h] url password ip port

Receive a reverse shell on a Pi-hole with access to the admin web console

positional arguments:
  url         The URL of the Pi-hole console
  password    The admin password for the Pi-hole console
  ip          The IP address for the reverse shell to connect to
  port        The port for the reverse shell to connect to

optional arguments:
  -h, --help  show this help message and exit

The script in action

About

A Python script to exploit CVE-2020-8816, a remote code execution vulnerability on the Pi-hole

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages