Home > Exploitation, Metasploit > Hacking Shoretel Converged Conferencing Bridge

Hacking Shoretel Converged Conferencing Bridge

This metasploit module was made with the help of Josh @savant42 for #thotcon
The methodology of this hack comes entirely from Josh. This metasploit module is made by both of us..

Thumbs up to Josh for coming up with this.

This post is based on Josh’s (@savant42) talk at #thotcon

In Shoretel Converged Conferencing Bridge, Monitoring> System Commands page is vulnerable to command injection

Another problem is that the backup job runs as root

This can be found under Configuration > Manual Server Backup

Based on these 2 vulnerabilities, this metasploit module is born.

A demo video of the metasploit module can be found here http://www.youtube.com/watch?v=SoIhK1HNn7M

The metasploit module can be found here http://pastebin.com/HszVqSNE

Below is a screenshot of the metasploit module in action

Categories: Exploitation, Metasploit
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: