WARNING : This knowledge is only for ethical purposes. Misuse this info at your own risk.
Good morning ethical hackers. Polycom HDX devices are popular worldwide for video conferencing. They are fit for meeting rooms and conference halls of various sizes as they support 1 to 3 displays. The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication.
So when all the conventional methods to get access to a network, this can work as an entry point of course if they are using this product. Let us see how this can be used in our pen test. Start Metasploit and load the exploit as shown below.
Set the target and check if it’s vulnerable as shown below using “check” command.
You can use the default payload or choose the required payload.…
This has been developed to aid in the exploitation of Linux sudo rules. However, it should also be used in learning how to secure your sudo rules! Download git clone https://github.com/Critical-Start/FallofSudo.git
This script has two functions: Informational: By passing the -i command argument the program will show you how to exploit the specific sudo rule you are facing. This is the safest and most preferred way to use this script.Autopwn: By passing the -a command argument the program will auto exploit the specific sudo rule you are facing. By careful using this argument and ensure you know what you are doing!Copyright (c) 2018 Critical Start Source: https://github.com/Critical-Start/