NorthStar C2 XSS to Agent RCE
Description
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored xss. An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
Author(s)
- h00die
- chebuya
Platform
Windows
Architectures
cmd
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/http/northstar_c2_xss_to_agent_rce
msf exploit(northstar_c2_xss_to_agent_rce) > show targets
...targets...
msf exploit(northstar_c2_xss_to_agent_rce) > set TARGET < target-id >
msf exploit(northstar_c2_xss_to_agent_rce) > show options
...show and set options...
msf exploit(northstar_c2_xss_to_agent_rce) > exploit
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security