POC详情: 809b998f72d73a002d55452f31280bbdddee3aaa

来源
https://github.com/xfox64x/CVE-2016-5639
关联漏洞
标题: Crestron AirMedia AM-100 目录遍历漏洞 (CVE-2016-5639)
描述:Crestron AirMedia AM-100是美国Crestron Electronics公司的一款智能家居网关产品。 使用1.4.0.13之前版本固件的Crestron AirMedia AM-100设备中的cgi-bin/login.cgi文件存在目录遍历漏洞。远程攻击者可通过src参数中的目录遍历字符‘..’利用该漏洞读取任意文件。
描述
Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules
介绍
# CVE-2016-5639
Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules

Two similar modules that take advantage of CVE-2016-5639 to dump hashes and retrieve files through path traversal. I made these modules separate because I wanted experience writing something that could "dump" hashes, correctly format them for cracking, and add them to the loot. Any suggestions welcome.


All credit for the original exposure and writeup of the vulnerabilities should go to Cylance, I guess:
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md
文件快照

 [4.0K]  /data/pocs/809b998f72d73a002d55452f31280bbdddee3aaa
├── [4.7K]  crestron_airmedia_hashdump.rb
├── [3.0K]  crestron_airmedia_traversal.rb
└── [ 576]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。