This exploit was developed based on the technical description by depthsecurity
https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.
Also ReadVboxdie Cracker – Virtual Box Disk Image Encryption Password Cracker
Nmap will identify the device from its web server as shown
_____ _ _
| ____|__| | __ _ _____ ____ _| |_ ___ _ __
| _| / _` |/ _` |/ _ \ \ /\ / / _` | __/ _ \ '__|
| |__| (_| | (_| | __/\ V V / (_| | || __/ |
|_____\__,_|\__, |\___| \_/\_/ \__,_|\__\___|_|
|___/
_____ _
| ____|__| | __ _ ___ _ __ ___ __ _ _ __ ___
| _| / _` |/ _` |/ _ \ '_ ` _ \ / _` | '__/ __|
| |__| (_| | (_| | __/ | | | | | (_| | | | (__
|_____\__,_|\__, |\___|_| |_| |_|\__,_|_| \___|
|___/
_____ _ _ _
| ____|_ ___ __ | | ___ (_) |_
| _| \ \/ / '_ \| |/ _ \| | __|
| |___ > <| |_) | | (_) | | |_
|_____/_/\_\ .__/|_|\___/|_|\__|
|_|
Edgewater Edgemarc Exploit CVE-2017-6079
Coded By: Mostafa Soliman
[USAGE] CVE-2017-6079.py [operation] [TargetIP] [AttackerIP] [FilePath]
operation: Either read / upload
AttackerIP: IP address to receive the connection on
TargetIP: IP address of the target running Edgewater Edgemarc server
FilePath: Remote file to download in case of "read" operation
Local file to upload in case of "upload" operation
The exploit assumes that the device has default root password which is default if this is not the case you will need to replace the Authorization The exploit has 2 modes of operation:
This mode allow the attacker to read any files on the vulnerable device.
This mode allow the attacker to upload ELF file payload to /tmp/ folder and execute it. You will need to start listner to recieve the connection.
Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…
Introduction A self-signed SSL certificate is a certificate that is created and signed by the…
Introduction Debugging is an important part of Bash scripting. When a script does not work…
Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…
Introduction Pipes are an important feature in Linux and Bash scripting. A pipe allows you…
Introduction The grep, awk, and sed commands are powerful text-processing tools in Linux. They are…