Remote Root Exploit for WePresent WiPG 1000, 1500, 2000 Devices.
This is a trivial remote root exploit that targets the WePresent WiPG 1000, 1500, and 2000 devices. It implements the command injection vulnerability (preauth) mentioned in this advisory to get a root shell on the device using the built in netcat executable present.
Just run the exploit with the URL of the device, your connectback host, and your connectback port.
You can get a TTY by doing the following:
stty -echo raw; nc -l -v -p 6666 ; stty sane to start a listener.
Next, when you get a shell, it won't work properly. So type in "script /dev/null" and hit CTRL+J.
Next, type "reset" and you SHOULD have a TTY.
If all else fails just use the shitty netcat shell to stage a better payload that does deliver a TTY.
Screenshots of Use/Example Use
Licenced under the WTFPL