Hello aspiring hackers. Today we will learn about the Serviio media server Command Execution Exploit. This exploit works on Serviio Media Server from versions 1.4.0 to 1.8.0 (1.8 is the present version, by the way). Serviio media server is a free media server which allows users to stream media files (music, video or images) to renderer devices like a TV set, Bluray player, gaming console or mobile phone on your connected home network. It is used by a number of organizations.
This media server has a console component which runs on port 23423 by default. This module exploits an unauthenticated remote command execution vulnerability in this console component. This is possible because the console service exposes a REST API whose endpoint does not sanitize user-supplied data in the ‘VIDEO’ parameter of the ‘checkStreamUrl’ method. This parameter is used in a call to cmd.exe which results in execution of arbitrary commands. Now let’s see how this exploit works.
So imagine a hacker while port scanning a specific port on multiple machines as shown below gets one positive result.
On performing a verbose scan with OS detection enabled to probe further, it is indeed clear that a Serviio Media Server is running on this specific port and our target OS is Windows, so we can use our exploit.
Start Metasploit and load the module as shown below.
He sets the target IP and checks if the target is vulnerable (Remember we know the target is using Serviio Media server but have no idea if it is a vulnerable version).
Once the “check” command confirms that the target is vulnerable, the other required options are set and the module is executed with “run” command. We directly get a meterpreter session with system privileges on our target. That’s asll in Serviio Media server Command Execution exploit. Want to learn how to hack Windows with HTA Webserver exploit.
1 thought on “Serviio Media Server Command Execution”
[…] and vice versa. This is the exact reason why this module has been introduced. For example, in our previous howto, we hacked a 64bit machine from a 32bit Kali Linux. So we have a 32bit meterpreter session on a […]
Comments are closed.