Kali Linux

Thunderstorm : Modular Framework To Exploit UPS Devices

Thunderstorm is a modular framework to exploit UPS devices.

For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.

CVE

Thunderstorm is currently capable of exploiting the following CVE:

  • CVE-2022-47186 – Unrestricted file Upload # [CS-141]
  • CVE-2022-47187 – Cross-Site Scripting via File upload # [CS-141]
  • CVE-2022-47188 – Arbitrary local file read via file upload # [CS-141]
  • CVE-2022-47189 – Denial of Service via file upload # [CS-141]
  • CVE-2022-47190 – Remote Code Execution via file upload # [CS-141]
  • CVE-2022-47191 – Privilege Escalation via file upload # [CS-141]
  • CVE-2022-47192 – Admin password reset via file upload # [CS-141]
  • CVE-2022-47891 – Admin password reset # [NetMan 204]
  • CVE-2022-47892 – Sensitive Information Disclosure # [NetMan 204]
  • CVE-2022-47893 – Remote Code Execution via file upload # [NetMan 204]

Requirements

  • Python 3
  • Install requirements.txt

Download

It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:

git clone https://github.com/JoelGMSec/Thunderstorm

Also, you probably need to download the original and the custom firmware. You can download all requirements from here: https://darkbyte.net/links/thunderstorm.php

License

This project is licensed under the GNU 3.0 license – see the LICENSE file for more details.

Credits and Acknowledgments

This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec

Contact

This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.

For more information, you can find me on Twitter as @JoelGMSec and on my blog darkbyte.net.

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

3 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

3 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

3 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

3 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

3 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

3 weeks ago