You can even listen a port on OpenDreamBox server with the help of nc command and can back connect with your Kali Linux machine as a reverse shell connection. Mostly an attacker can issue system commands, write, delete or read files or connect to databases. Well this RCE seems to be very easy but what’s next after this?Īn attacker who is able to execute such a flaw is usually able to execute commands with the privileges of the programming language or the web server. You can even view the contents of /etc/shadow or /etc/passwd file.
![dreambox hacking dreambox hacking](http://idata.over-blog.com/3/96/82/16/Enigma2/DM800se_hdd_1.jpg)
This type of a vulnerability can make a system viable to high levels of exploitation as it makes the target machine exposed to running of sorts of commands that can be capable of taking over the entire machine and destruct it down. When these kind of arbitrary commands are executed on target machines over very big networks like the Internet, we call it Remote Code Execution.įurthermore, you can all Linux commands like whoami, uname -a etc Go to Extras Tab, and check whether WebAdmin Plugin is installed or not as shown in left hand side under WebPlugins.įrom the address bar run Linux commands using the syntax: “Linux_command” as shown below:įor Example, if you want to run id command then the URL address will be: Next you’ll see the below welcome screen of OpenDreamBox which shows some kind of Web Control mechanism. In first step, you need to find out the server running OpenDreambox project version 2.0.0 with the help of Shodan Search Engine by searching query “DreamBox” 200 OK as shown below: Suggested Read: Apache Struts OGNL Code Execution Vulnerability – CVE-2017-9791 In this OpenDreambox Project, there is a webadmin module which is vulnerable to Remote Code Execution vulnerability through which you can perform command injection via script.py file.
![dreambox hacking dreambox hacking](http://www.rfgsoftware.com/wp-content/uploads/2016/05/Screenshots_3.jpg)
The OpenDreambox project aims to bring an open and extensible image to the Dreambox receivers and to provided viable alternatives to other images that are kept closed-source by their authors.