Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/JoelGMSec/Thunderstorm

Modular framework to exploit UPS devices
https://github.com/JoelGMSec/Thunderstorm

exploit rce rce-exploit rce-scanner ups

Last synced: 22 days ago
JSON representation

Modular framework to exploit UPS devices

Host: GitHub
URL: https://github.com/JoelGMSec/Thunderstorm
Owner: JoelGMSec
License: gpl-3.0
Created: 2023-03-01T09:44:07.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2023-03-01T10:14:43.000Z (almost 2 years ago)
Last Synced: 2024-11-18T01:09:50.841Z (25 days ago)
Topics: exploit, rce, rce-exploit, rce-scanner, ups
Language: Python
Homepage: https://darkbyte.net
Size: 302 KB
Stars: 61
Watchers: 5
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - JoelGMSec/Thunderstorm - Modular framework to exploit UPS devices (Python)

README

Thunderstorm

# Thunderstorm
**Thunderstorm** is a modular framework to exploit UPS devices.

For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.

# CVE
Thunderstorm is currently capable of exploiting the following CVE:

- CVE-2022-47186 – Unrestricted file Upload # [CS-141]
- CVE-2022-47187 – Cross-Site Scripting via File upload # [CS-141]
- CVE-2022-47188 – Arbitrary local file read via file upload # [CS-141]
- CVE-2022-47189 – Denial of Service via file upload # [CS-141]
- CVE-2022-47190 – Remote Code Execution via file upload # [CS-141]
- CVE-2022-47191 – Privilege Escalation via file upload # [CS-141]
- CVE-2022-47192 – Admin password reset via file upload # [CS-141]
- CVE-2022-47891 – Admin password reset # [NetMan 204]
- CVE-2022-47892 – Sensitive Information Disclosure # [NetMan 204]
- CVE-2022-47893 – Remote Code Execution via file upload # [NetMan 204]

# Requirements
- Python 3
- Install requirements.txt

# Download
It is recommended to clone the complete repository or download the zip file.
You can do this by running the following command:
```
git clone https://github.com/JoelGMSec/Thunderstorm
```

Also, you probably need to download the original and the custom firmware.
You can download all requirements from here:
https://darkbyte.net/links/thunderstorm.php

# Usage
```
- To be disclosed

```

### The detailed guide of use can be found at the following link:

- To be disclosed

# License
This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.

# Credits and Acknowledgments
This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec

# Contact
This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.

For more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).

# Support
You can support my work buying me a coffee:

[](https://www.buymeacoffee.com/joelgmsec)