CVE-2018-15708

This exploit leverages CVE-2018-15710 (and CVE-2018-15708) to achieve remote code execution and privilege escalation on Nagios XI versions 2012r1.0 to 5.5.6. It uses a self-signed certificate to serve a malicious PHP file via an HTTP server, then exploits MagpieRSS to write the file to the target system, leading to arbitrary command execution and root access via sudo misconfigurations.

This repository contains a Python script that detects potential exploitation attempts of CVE-2018-15708 by monitoring network traffic for specific TCP flags and window sizes. It logs and emails alerts when suspicious patterns are detected.

This Metasploit module exploits CVE-2018-15708 (unauthenticated RCE via magpie_debug.php) and CVE-2018-15710 (local privilege escalation) to achieve a root reverse shell on Nagios XI 5.5.6. It uploads a webshell and meterpreter payload, then escalates privileges using autodiscovery or NSE scripts.

This Metasploit module exploits CVE-2018-15708 (unauthenticated RCE) and CVE-2018-15710 (local privilege escalation) in Nagios XI <= 5.5.6 to achieve root-level command execution. It uploads a PHP web shell and a Meterpreter payload to writable directories, then escalates privileges via sudo misconfigurations.