OpenPLC 3 WebServer Authenticated Remote Code Execution.
A command injection vulnerability in the OpenPLC Webserver v3 allows authenticated remote attackers to run arbitrary code through the "Hardware Layer Code Box" component on the application's "/hardware" page. Only tested on the Wifinetictwo.htb machine from Hack The Box.
usage: openplc_exploit.py [-h] [--usage] --ip ADDR --port PORT --target URL -U USER -P PASSWORD
                          [--payload-program PAYLOAD_PROGRAM]

options:
  -h, --help            show this help message and exit
  --usage               show usage message
  --ip ADDR             IP address for the reverse connection
  --port PORT           port number for the reverse connection
  --target URL          target URL. Example: http://localhost:8080
  -U USER, --username USER
                        username to log in to the OpenPLC web server
  -P PASSWORD, --password PASSWORD
                        password to log in to the OpenPLC web server
  --payload-program PAYLOAD_PROGRAM
                        structured text program in OpenPLC format to send to /upload-program