59 lines
1.5 KiB
Markdown
59 lines
1.5 KiB
Markdown
# APC UPS/USV
|
|
|
|
## APCUPSD Information Leak
|
|
|
|
### What is it?
|
|
|
|
This script abuses an unauthenticated information leak in the apcupsd daemon.
|
|
The apcupsd daemon is part of the APC UPS/USV chain, it's job is to shutdown or keep your
|
|
servers surviving, as long as it has battery power left.
|
|
|
|
### What information can be gathered?
|
|
|
|
* Operating System
|
|
* Version of APCUPSD
|
|
* Battery Status
|
|
* SerialNumber
|
|
* Firmware Version
|
|
* USV Model
|
|
* Shutdown times
|
|
|
|
and some more :)
|
|
|
|
### Usage
|
|
|
|
There are two different supported modes in the daemon. Those are:
|
|
* status
|
|
* events
|
|
|
|
While status have detailed information about the daemon and its configuration itself, events covers power failures and alike.
|
|
|
|
`./apcupsd_disclosure.py -h
|
|
usage: apcupsd_disclosure.py 0.1 dash@undisclose.de June 2019`
|
|
`[-h] [-m MODE] -t TARGET [-p PORT]`
|
|
``
|
|
` Lil' tool for Information Disclosure of apcupsd`
|
|
|
|
optional arguments:
|
|
-h, --help show this help message and exit
|
|
-m MODE, --mode MODE define the mode, two modes exist: "status" and
|
|
"events", default is "status"
|
|
-t TARGET, --target TARGET
|
|
define the target
|
|
-p PORT, --port PORT define the target port`
|
|
|
|
Get the status information (you do not need the -m option as status is default):
|
|
`./apcupsd_disclosure.py -t 127.0.0.1 -m status`
|
|
|
|
Get the events:
|
|
`./apcupsd_disclosure.py -t 127.0.0.1 -m events`
|
|
|
|
### Shodan
|
|
|
|
Search: https://www.shodan.io/search?query=port%3A3551
|
|
Results: 26,000
|
|
|
|
## Disclaimer
|
|
|
|
Don't do evil.
|