Ubiquiti airOS Arbitrary File Upload
Posted by deepcore on May 25, 2016 – 6:41 pm
This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the “mf” malware infecting these devices.
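A read-only check for the three files named above, as an added example that is not part of the original post or the Metasploit module. The function name, the list of expected UID-0 account names and the approved-keys file are assumptions the operator supplies; run it with ROOT=/ on the device or against an unpacked backup.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the post says
# are overwritten. Assumptions: the caller supplies the UID-0 account names it
# expects and a file of approved public keys; neither list comes from the post.
audit_airos() {  # $1 = root dir, $2 = comma-separated expected UID-0 names, $3 = approved keys file
    root=$1; expected=",$2,"; approved=$3; AUDIT_FINDINGS=0
    passwd="$root/etc/passwd"
    keys="$root/etc/dropbear/authorized_keys"
    rc="$root/etc/persistent/rc.poststart"

    # 1. Any UID-0 account the operator did not name is a finding.
    if [ -f "$passwd" ]; then
        for user in $(awk -F: '$3 == 0 { print $1 }' "$passwd"); do
            case "$expected" in
                *",$user,"*) ;;
                *) echo "FINDING: unexpected UID 0 account '$user' in $passwd"
                   AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
            esac
        done
    fi

    # 2. Every key blob must appear, as an exact field, in the approved file.
    if [ -f "$keys" ]; then
        while read -r line || [ -n "$line" ]; do
            case "$line" in ''|'#'*) continue ;; esac
            # The base64 blob starts with "AAAA" even when options precede the key type.
            blob=$(printf '%s\n' "$line" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }')
            if [ -z "$blob" ] || ! awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$approved" 2>/dev/null; then
                echo "FINDING: unapproved or unparsable key line in $keys: $line"
                AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
            fi
        done < "$keys"
    fi

    # 3. The post names rc.poststart as the persistence file; a non-empty one needs review.
    if [ -s "$rc" ]; then
        echo "REVIEW: $rc is non-empty; confirm the operator wrote it"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi
    return 0
}

# Script usage: sh audit.sh ROOT EXPECTED_UID0_NAMES APPROVED_KEYS_FILE
if [ "$#" -eq 3 ]; then audit_airos "$@"; fi
```

The function sets `AUDIT_FINDINGS` to the number of items flagged, so it can feed a fleet-wide sweep over collected backups.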