dash/APCUPS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7 Commits 1 Branch 0 Tags
1cffd165a181ebd4ef562bd78ef63c844f3db3bf
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
dash 1cffd165a1 markdown
2019-06-13 10:59:55 +02:00
README.md
markdown
2019-06-13 10:59:55 +02:00

README.md

APC UPS/USV

APCUPSD Information Leak

What is it?

This script abuses an unauthenticated information leak in the apcupsd daemon. The apcupsd daemon is part of the APC UPS/USV chain, it's job is to shutdown or keep your servers surviving, as long as it has battery power left.

What information can be gathered?

  • Operating System
  • Version of APCUPSD
  • Battery Status
  • SerialNumber
  • Firmware Version
  • USV Model
  • Shutdown times

and some more :)

Usage

There are two different supported modes in the daemon. Those are:

  • status
  • events

While status have detailed information about the daemon and its configuration itself, events covers power failures and alike.

./apcupsd_disclosure.py -h usage: apcupsd_disclosure.py 0.1 dash@undisclose.de June 2019 [-h] [-m MODE] -t TARGET [-p PORT] `` Lil' tool for Information Disclosure of apcupsd

optional arguments: -h, --help show this help message and exit -m MODE, --mode MODE define the mode, two modes exist: "status" and "events", default is "status" -t TARGET, --target TARGET define the target -p PORT, --port PORT define the target port`

Get the status information (you do not need the -m option as status is default): ./apcupsd_disclosure.py -t 127.0.0.1 -m status

Get the events: ./apcupsd_disclosure.py -t 127.0.0.1 -m events

Shodan

Search: https://www.shodan.io/search?query=port%3A3551 Results: 26,000

Disclaimer

Don't do evil.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 35 KiB
Languages
Python 100%