DblTekGoIPPwn – Tool to exploit the challenge-response system in vulnerable DblTek GoIP devices.

DblTekGoIPPwn is a tool that exploits the challenge-response system in vulnerable DblTek GoIP devices. It can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host.

The Vulnerability
+ On March 2nd, 2017, Trustwave released a vulnerability that security researchers found in the DblTek GoIP VoIP Phone. The vulnerability was a backdoor in the firmware for an account named ‘dbladm’. When a user entered this as their username at a telnet prompt, the system would present a challenge that, when followed by the right response, gave the user a root shell on the system.
+ The problem with such a challenge-response system is that the devices are only as secure as the algorithm for generating the responses, which was reverse engineered from firmware binaries provided by DblTek. Using this algorithm, a root shell can be acquired on ANY DblTek GoIP device.
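
A defender-side check for the login described above, as an added example that is not part of the DblTekGoIPPwn project: it strips telnet option negotiation from the client-to-server bytes of a captured session and flags sessions whose first typed line is the ‘dbladm’ account name. The session tuples, the documentation-range IP addresses and the function names are constructed for illustration.

```python
import re

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = (0xFB, 0xFC, 0xFD, 0xFE)  # WILL, WONT, DO, DONT
BACKDOOR_USER = "dbladm"  # account name given in the vulnerability description

def strip_telnet(data: bytes) -> bytes:
    """Remove telnet IAC sequences so only the typed characters remain."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= n:
            break                      # capture ends on a lone IAC
        elif data[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3                     # IAC <verb> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break                  # unterminated subnegotiation
            i = end + 2                # skip past IAC SE
        else:
            i += 2                     # two-byte command such as IAC NOP
    return bytes(out)

def first_line(data: bytes) -> str:
    """Return the first line the client typed (the login name)."""
    text = strip_telnet(data).replace(b"\x00", b"").lstrip(b"\r\n")
    line = re.split(rb"[\r\n]", text, maxsplit=1)[0]
    return line.decode("ascii", "replace").strip()

def flag_sessions(sessions):
    """sessions: iterable of (source_ip, client_to_server_bytes)."""
    return [src for src, payload in sessions
            if first_line(payload) == BACKDOOR_USER]

# Constructed sample sessions (not real captures).
SAMPLE_SESSIONS = [
    ("192.0.2.10", b"\xff\xfd\x03\xff\xfb\x18\xff\xfa\x18\x00xterm\xff\xf0dbladm\r\n"),
    ("192.0.2.11", b"\xff\xfb\x1fadmin\r\x00secret\r\x00"),
    ("192.0.2.12", b"dbladm\r\x00"),
]

if __name__ == "__main__":
    print(flag_sessions(SAMPLE_SESSIONS))
```

Any hit on a GoIP management address is worth investigating, since the account is not one an operator creates.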

DblTekGoIPPwn

Linux Dependencies:
+ Mono
Windows Dependencies:
+ Visual Studio

Usage:

git clone https://github.com/JacobMisirian/DblTekGoIPPwn && cd DblTekGoIPPwn
./install.sh
DblTekGoIPPwn --help
DblTekGoIPPwn --send-commands cmds.txt --file list.txt --output results.txt

Source: https://github.com/JacobMisirian

Source: Security List Network™ @ March 6, 2017 at 01:10AM
