CVE-2011-5325 PoC — BusyBox Path Traversal Vulnerability

Source
Associated Vulnerability
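Title: BusyBox Path Traversal Vulnerability (CVE-2011-5325)
Description: BusyBox is a suite of UNIX utilities developed and maintained by software developer Denys Vlasenko. The BusyBox implementation of tar is its implementation of the tar (file archiving) command. A directory traversal vulnerability exists in the BusyBox implementation of tar before 1.22.0 v5. A remote attacker can exploit it through a symlink attack to read arbitrary files.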
Description
Proof Of Concept
Readme
Title: PoC: Detecting Hardcoded Credentials (Default Password) in DCS-935L Firmware of Dlink (Novi Hogeschool Assessment)

Purpose: This Python script provides a foundational demonstration of how to automate the initial steps of searching for hardcoded credentials within the Dlink DCS-935L Firmware. It's designed as an educational Proof of Concept (PoC) for a Novi Hogeschool assessment.

Usage: To use the provided script, follow these steps:

1. Install Python: Ensure Python is installed on your system.

   Linux Install Python:
   ```
   sudo apt install python3
   ```
   Mac Install Python:
   ```
   brew install python
   ```
2. Install Required Modules: You need to install the `requests` module if it's not already installed. You can do this using pip, Python's package manager, by running the following command in your terminal or command prompt:
   ```
   pip install requests
   ```
3. Run the Script: Open a terminal or command prompt, navigate to the directory containing the `CVE-2019-12550.py` file, and run the script using the following command:
   ```
   python3 CVE-2019-12550.py   
   ```
4. Check Output: After running the script, it will download the DCS935L Firmware, extract its contents, locate the `/etc/passwd_default` file, read its content, and write it to a new file named `done.txt`. You can find the `done.txt` file in the same directory where you ran the script.

5. Review Output: Open the `done.txt` file to review the contents of the `/etc/passwd_default` file, which was retrieved.

How it Works

Downloads a Repository: The script downloads a specified GitHub repository as a ZIP file.
Extracts the Archive: It extracts the contents of the downloaded ZIP file.
Locates a Target File: The script navigates the extracted file structure to locate a specific file (in this example, 'etc/passwd_default').
Copies File Content: The contents of the target file are copied to a new file ('done.txt') for further manual inspection.
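
The locate-and-inspect steps above, as an added example that is not the author's `CVE-2019-12550.py`: it reads `etc/passwd_default` straight out of the ZIP bytes instead of extracting to disk, so archive-controlled paths are never written to the filesystem, and it classifies each account's password field. The function names and the sample archive contents are constructed for illustration.

```python
import io
import zipfile

TARGET = "etc/passwd_default"  # file the README says the script looks for

def find_member(zf, suffix=TARGET):
    """Return the first regular-file member whose path ends with suffix."""
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        if not info.is_dir() and (name == suffix or name.endswith("/" + suffix)):
            return info
    return None

def audit_passwd(text):
    """Classify each passwd-format line by what its password field holds."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty-password"))
        elif pw != "x" and not pw.startswith(("!", "*")):
            # Not shadowed ("x") and not locked ("!" / "*"): a hash ships in the image.
            findings.append((user, "embedded-hash"))
    return findings

def audit_archive(data, max_bytes=64 * 1024):
    """Read the target from the ZIP bytes in memory; nothing is written to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        info = find_member(zf)
        if info is None:
            return None
        if info.file_size > max_bytes:
            raise ValueError("target file is unexpectedly large")
        return audit_passwd(zf.read(info).decode("utf-8", "replace"))

def build_sample():
    """Constructed stand-in for a firmware ZIP; every entry below is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fw-main/rootfs/etc/passwd_default",
                    "root:$1$CONSTRUCT$notARealHashValue000000:0:0:root:/root:/bin/sh\n"
                    "guest::500:500:guest:/home:/bin/sh\n"
                    "nobody:x:99:99:nobody:/:/bin/false\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_archive(build_sample()))
```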

Important Notes

Ensure you have the requests library installed (pip install requests). The zipfile module is part of the Python standard library and does not need to be installed with pip.
Disclaimer: This script is intended for educational use within the scope of a Novi Hogeschool assessment.  Always use code responsibly and ethically when interacting with GitHub repositories.

Author Georgio T
File Snapshot

```
[4.0K] /data/pocs/83c5a2dc02052b3bd18ef22af5422ce790138002
├── [1.1K] CVE-2019-12550.py
└── [2.2K] README.md

0 directories, 2 files
```