Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules
Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules
Two similar modules that take advantage of CVE-2016-5639 to dump hashes and retrieve files through path traversal. I made these modules separate because I wanted experience writing something that could “dump” hashes, correctly format them for cracking, and add them to the loot. Any suggestions welcome.
All credit for the original exposure and writeup of the vulnerabilities should go to Cylance, I guess:
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md