
Hack NAGIOS XI RCE with Metasploit

Hello aspiring hackers. In this howto, we will see how to hack Nagios with Metasploit. Nagios, also known as Nagios Core, is a free and open source software application used to monitor systems, networks and infrastructure. It offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved.

Nagios XI versions 5.2.7 and below suffer from SQL injection, auth bypass, file upload, command injection, and privilege escalation vulnerabilities. This exploit uses all these vulnerabilities to get a root shell on the victim’s machine. Now let’s see how this exploit works. Start Metasploit and load the module as shown below.

Let us set a new payload as shown below.

Set the target IP address as shown below. Use the check command to see whether our target is vulnerable as shown below. If our target is vulnerable, type the command “run” to execute our exploit. If everything goes right, we will get a shell on our target as shown below.

How to stay safe:

The current version of Nagios available is 5.29. Please update to the latest version.
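To find which monitoring servers still need that update, the following added example (not part of the original post) sorts an inventory of Nagios XI version strings against the "5.2.7 and below" boundary stated above. The host names and inventory are constructed, and ranking year-style release names such as "2014R2.7" below the 5.x line is an assumption of this example.

```python
import re

LAST_AFFECTED = (5, 2, 7)  # from the article: "Nagios XI 5.2.7 and below"

# Assumption: pre-5.x Nagios XI releases carry year-style names such as
# "2014R2.7". They predate 5.x, so they are ranked below every dotted release.
YEAR_STYLE = re.compile(r"^(20\d{2})R(\d+)(?:\.(\d+))?$", re.IGNORECASE)
DOTTED = re.compile(r"^\d+(?:\.\d+)*$")

def version_key(text):
    """Turn a version string into a tuple that sorts in release order."""
    text = text.strip().lstrip("vV")
    m = YEAR_STYLE.match(text)
    if m:
        # Leading 0 places year-style releases before any dotted version.
        return (0, int(m[1]), int(m[2]), int(m[3] or 0))
    if DOTTED.match(text):
        parts = [int(p) for p in text.split(".")]
        while len(parts) > 1 and parts[-1] == 0:  # treat 5.2.7.0 as 5.2.7
            parts.pop()
        return tuple(parts)
    raise ValueError(f"unrecognised version string: {text!r}")

def is_affected(text):
    """True when the version is at or below the last affected release."""
    return version_key(text) <= LAST_AFFECTED

def triage(inventory):
    """Group hosts into affected / not_affected / unknown buckets."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unknown"  # unparsable: check this host by hand
        report[bucket].append(host)
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE = {"mon-a": "5.2.7", "mon-b": "5.2.10", "mon-c": "2014R2.7",
          "mon-d": "5.29", "mon-e": "unknown-build"}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Comparing the components as integers matters here: a plain string comparison would rank "5.2.10" below "5.2.7" and report a patched host as affected.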

That’s how we can hack nagios with Metasploit.


1 thought on “Hack NAGIOS XI RCE with Metasploit”

  1. It workedddddd. thankssss
