This Metasploit module exploits an unauthenticated command injection vulnerability in ZeroShell version 3.9.0, in the “/cgi-bin/kerbynet” URL. Because sudo is configured to execute /bin/tar without a password (NOPASSWD), it is possible to run root commands using the “checkpoint” tar options.
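A defensive check for the sudo misconfiguration described above, as an added example that is not part of the original advisory or the Metasploit module: it scans sudoers text for NOPASSWD rules that let a user run tar with arguments of their own choosing, which is what leaves the checkpoint options reachable. The sample sudoers content, the user names and the `audit` helper are constructed for illustration, and the parsing is a simplification of the full sudoers grammar.

```python
import re

# Constructed sample sudoers content (not taken from a ZeroShell system).
SAMPLE_SUDOERS = """\
Cmnd_Alias ARCHIVE = /bin/tar, /usr/bin/gzip
apache ALL=(ALL) NOPASSWD: /bin/tar
backup ALL=(root) NOPASSWD: ARCHIVE, \\
    /usr/bin/rsync
admin  ALL=(ALL) /bin/tar
deploy ALL=(root) NOPASSWD: /bin/tar -czf /var/backups/site.tgz /srv/site
"""

RISKY = {"/bin/tar", "/usr/bin/tar"}  # path from the page plus a common alternate (assumption)

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines (simplified)."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text, risky=RISKY):
    """Return (user, command) pairs where tar runs NOPASSWD with free arguments."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for line in lines:
        if re.match(r"(Defaults|(Cmnd|User|Host|Runas)_Alias)\b", line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        spec = re.sub(r"^\s*\([^)]*\)", "", spec)  # drop the (runas) list
        nopasswd = False
        for item in spec.split(","):
            item = item.strip()
            # Tags are sticky: NOPASSWD holds until a later PASSWD tag.
            while (tag := re.match(r"(\w+):\s*", item)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag.group(1), nopasswd)
                item = item[tag.end():]
            for cmd in aliases.get(item, [item]):
                binary, _, args = cmd.partition(" ")
                # Fixed arguments must match exactly; none or wildcards leave options open.
                free = args == "" or any(ch in args for ch in "*?[")
                if nopasswd and binary in risky and free:
                    findings.append((who.split()[0], cmd))
    return findings
```

`audit(SAMPLE_SUDOERS)` flags the `apache` rule and the `backup` rule (through the `ARCHIVE` alias), but not `admin`, which still requires a password, or `deploy`, whose arguments are fixed.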
