Related vulnerabilities
Description
Bash script for automated discovery and exploitation of machines with the CVE-2022-39986 vulnerability.
Introduction
# RaspAP Hunter
RaspAP Hunter is a Bash script designed to scan for RaspAP installations and test them for a specific vulnerability, CVE-2022-39986.
```
____ ___ ____
/ __ \ ____ _ _____ ____ / | / __ \
/ /_/ // __ `// ___// __ \ / /| | / /_/ /
/ _, _// /_/ /(__ )/ /_/ // ___ | / ____/
/_/ |_| \__,_//____// .___//_/ |_|/_/
__ __ /_/ __ author: mind2hex
/ / / /__ __ ____ / /_ ___ _____
/ /_/ // / / // __ \ / __// _ \ / ___/
/ __ // /_/ // / / // /_ / __// /
/_/ /_/ \__,_//_/ /_/ \__/ \___//_/
c=====e
____________ _,,_H__
(__((__((___() CVE-2022-39986 //| |
(__((__((___()()_____________________________________// |ACME |
(__((__((___()()()------------------------------------/ |_____|
```
## Features
1. **Requirements Checking**: Checks for necessary dependencies and provides instructions for installation if missing.
2. **Shodan Integration**: Downloads and parses target IP addresses with RaspAP from Shodan.
3. **Vulnerability Scanning**: Scans for the specific CVE and provides feedback on vulnerable IPs.
4. **Reverse Shell Spawning**: Allows the user to spawn a reverse shell on a vulnerable target.
## Prerequisites
- shodan
- jq
- python
- ngrok
- terminator
## Usage
1. Clone this repository or download the script `raspap_hunter.sh`.
2. Make the script executable:
```bash
chmod +x raspap_hunter.sh
```
3. Run the script:
```bash
./raspap_hunter.sh
```
## Notes
- Ensure that `php-reverse-shell.php` is available in the working directory or it will be downloaded from the provided URL.
- Make sure to configure Shodan with your API key.
- If any dependencies are missing, follow the installation instructions the script provides.
## Author
mind2hex
## Disclaimer
This script is for educational and research purposes only. Do not use this against any systems without explicit permission.
## License
Please see the license file in the repository.
File snapshot
[4.0K] /data/pocs/d873afbf1358ae861eb432cd97788ba4e73c3980
├── [ 34K] LICENSE
├── [5.4K] php-reverse-shell.php
├── [9.0K] raspap_hunter.sh
└── [2.1K] README.md
0 directories, 4 files