This Python script is an exploit for EasyNAS version 1.1.0. It targets a command injection vulnerability that requires authentication.
The script begins by establishing a session with the target server, then sends a login request with user-provided credentials. Upon successful authentication, the script constructs a payload that, when executed, opens a reverse shell connection to a user-specified IP and port. This payload is URL- and Base64-encoded and then injected into the backup.pl file on the server via a crafted GET request.
This script is meant to be a proof of concept, and should only be used responsibly and ethically.
Author: Ivan Spiridonov (ivanspiridonov@gmail.com) https://xbz0n.medium.com
Usage: ./exploit.py http(s)://url username password listenerIP listenerPort
Requirements: Python 3 and the Requests library.
Disable the insecure request warnings when using this script, as it will attempt to establish an HTTPS connection to the target URL.
This script is for educational purposes and authorized penetration testing only. Always seek explicit permission before running any penetration tests against a network or system.
Please use responsibly.
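
For defenders, the request pattern described above (a GET to backup.pl carrying a URL- and Base64-encoded command) can be hunted for in web server access logs. The following is an added example, not part of the original exploit or of EasyNAS; the log format, the parameter name `p` and the sample lines are constructed assumptions.

```python
import base64, binascii, re
from urllib.parse import parse_qsl, quote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SHELL_META = re.compile(r"[|;&`$<>]")   # characters a shell treats specially
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decode_b64_tokens(value):
    """Return printable text recovered from Base64-looking tokens in value."""
    recovered = []
    for tok in B64_TOKEN.findall(value):
        try:
            padded = tok + "=" * (-len(tok) % 4)
            text = base64.b64decode(padded, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if text.isprintable():
            recovered.append(text)
    return recovered

def scan(lines, script="backup.pl"):
    """Flag requests to `script` whose URL-decoded query values contain shell
    metacharacters, and attach any Base64 text hidden inside those values."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if SHELL_META.search(value):
                findings.append({"line": n, "param": key, "value": value,
                                 "decoded": decode_b64_tokens(value)})
    return findings

# Constructed sample log lines: the parameter "p" and all values are hypothetical.
_B64 = base64.b64encode(b"echo constructed-sample").decode()
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /backup.pl?p=list HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET /backup.pl?p='
    + quote("x|" + _B64) + ' HTTP/1.1" 200 0',
    '10.0.0.5 - - [01/Jan/2024:10:06:00 +0000] "GET /index.pl?p=a%7Cb HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the injection is authenticated, a hit is worth correlating with the login that preceded it from the same source address.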