Webmin Hacktricks -

Works even without password expiry enabled – just need a valid session cookie. 4.2 CVE-2019-12840 (Webmin < 1.910) Vulnerability: update.cgi RCE via u' parameter injection. Requires authenticated user. 4.3 CVE-2020-35606 (1.962) Vulnerability: Arbitrary file disclosure in package-updates/update.cgi (CWE-22) – leads to root SSH key theft. 5. Post-Exploitation Once you have root (Webmin runs as root by default): 5.1 Dump Webmin Users cat /etc/webmin/miniserv.users # Format: user:encrypted_pass 5.2 Modify Webmin to Persist Add a new admin user:

cat /etc/webmin/servers/*.conf # Contains IPs and credentials to other Webmin instances. Detect Webmin service: webmin hacktricks

ss -tlnp | grep 10000 ps aux | grep miniserv Works even without password expiry enabled – just

Webmin Hacktricks -

By use case

By role

By type

Educational

Webmin Hacktricks -

Thanks!