Skip to content

kuburan/contexploit

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
contexploit.py
contexploit.py
 
 
requirement.txt
requirement.txt
 
 

Repository files navigation

Vulnerability description

the Vulnerability allow unauthenticated attacker to remotely bypass authentication and added new user without confirming.
after Successfully added new users, the attacker can control anything (lamps, doors, air conditioner, etc)

Contec smart home Unauthorized Users Added
Affected version : 4.15

want to know more about Contec Smart Home system ?
http://contec.co.il/en/

Installation steps

require 2 modules (bs4, requests)

Root@Linux: ~# pip install -r requirement.txt
or
Root@Linux: ~# pip install bs4 requests

Work in both python 2.x and 3.x
Tested on Linux and MAC os

Usage

to view users list
Root@Linux: ~# python ./contexploit.py -t http://(ip):(port) --list-user

to added new user
Root@Linux: ~# python ./contexploit.py -t http://(ip):(port) -u (NewUser) -p (NewPassword)

About

Contec Smart Home unauthorized user added

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%