A sequel to the last post of what is now becoming a series of “From Shodan to remote code execution”, we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which offers Digital TV set top boxes and other related services.
Perform a shodan search as below:
Go through the portals in the search results. The indicator of a vulnerable dreambox installation is the presence of webadmin plugin as below:
From the address bar run linux commands using the syntax: http://IP/PORT/webadmin/script?command=|”linux_command” as shown below:
Credits: Jonatas Fil, the discoverer of the vulnerability.