CVE-2016-5639 PoC — Crestron AirMedia AM-100 Directory Traversal Vulnerability

Source
Associated Vulnerability
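Title: Crestron AirMedia AM-100 Directory Traversal Vulnerability (CVE-2016-5639)
Description: Crestron AirMedia AM-100 is a smart home gateway product from the US company Crestron Electronics. The cgi-bin/login.cgi file on Crestron AirMedia AM-100 devices running firmware earlier than 1.4.0.13 contains a directory traversal vulnerability. A remote attacker can exploit it to read arbitrary files by placing the directory traversal characters '..' in the src parameter.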
Description
Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules
Readme
# CVE-2016-5639
Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules

Two similar modules that take advantage of CVE-2016-5639 to dump hashes and retrieve files through path traversal. I made these modules separate because I wanted experience writing something that could "dump" hashes, correctly format them for cracking, and add them to the loot. Any suggestions welcome.


All credit for the original exposure and writeup of the vulnerabilities should go to Cylance, I guess:
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md
File Snapshot

[4.0K] /data/pocs/809b998f72d73a002d55452f31280bbdddee3aaa
├── [4.7K] crestron_airmedia_hashdump.rb
├── [3.0K] crestron_airmedia_traversal.rb
└── [ 576] README.md

0 directories, 3 files