header-logo
Suggest Exploit
vendor:
IP3
by:
r00t
8.8
CVSS
HIGH
Forcing into shell
N/A
CWE
Product Name: IP3
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

NetAccess IP3 – Force into shell

NetAccess IP3 is a device created for high demand environments such as convention centers or hotels. It handles the Internet access and provides for instance firewalling, billing, rate-limiting as well as various authentication mechanisms. The device is administrated via SSH or a web-based GUI. An attacker can force into shell by logging into the IP3's IP address, selecting the 'ping' option (usually menu item 5), and pinging the address: localhost && sh. After four pings to localhost, shell will be forced open.

Mitigation:

Ensure that the IP3 is configured with the latest security patches and updates.
Source

Exploit-DB raw data:

###############################################################
#NetAccess IP3 - Force into shell
#By: r00t
#Shouts: G., Tee, ES, s1ngl3, and D1g1t5
#
###############################################################
#Requirements: Remote access to an IP3
#              Any level control panel username/password
#
###############################################################
#Vendor Information:
#Thanks to Sebastian Wolfgarten (sebastian at wolfgarten dot com)
#for including vendor information in his AFD vuln
#
#"IP3's NetAccess is a device created for high demand environments such as
#convention centers or hotels. It handles the Internet access and
#provides for instance firewalling, billing, rate-limiting as well as
#various authentication mechanisms. The device is administrated via SSH
#or a web-based GUI."
#
###############################################################

1. SSH into the IP3's IP address
2. After logging in, select the "ping" option (usually menu item 5)
3. Ping the address: localhost && sh
4. After four pings to localhost, shell will be forced open

One may think there are limitations once logged into shell without
root access on an IP3.  Wrong.

# milw0rm.com [2009-09-15]

Navigation

Suggest Exploit

Services By CQR