1.5 KiB
1.5 KiB
APC UPS/USV
APCUPSD Information Leak
What is it?
This script abuses an unauthenticated information leak in the apcupsd daemon. The apcupsd daemon is part of the APC UPS/USV chain, it's job is to shutdown or keep your servers surviving, as long as it has battery power left.
What information can be gathered?
- Operating System
- Version of APCUPSD
- Battery Status
- SerialNumber
- Firmware Version
- USV Model
- Shutdown times
and some more :)
Usage
There are two different supported modes in the daemon. Those are:
- status
- events
While status have detailed information about the daemon and its configuration itself, events covers power failures and alike.
usage: apcupsd_disclosure.py 0.1 dash@undisclose.de June 2019
[-h] [-m MODE] -t TARGET [-p PORT]
Lil' tool for Information Disclosure of apcupsd```
optional arguments:
-h, --help show this help message and exit
-m MODE, --mode MODE define the mode, two modes exist: "status" and
"events", default is "status"
-t TARGET, --target TARGET
define the target
-p PORT, --port PORT define the target port`
Get the status information (you do not need the -m option as status is default):
`./apcupsd_disclosure.py -t 127.0.0.1 -m status`
Get the events:
`./apcupsd_disclosure.py -t 127.0.0.1 -m events`
### Shodan
Search: https://www.shodan.io/search?query=port%3A3551
Results: 26,000
## Disclaimer
Don't do evil.