module
Multi Gather Ubiquiti UniFi Controller Backup
| Disclosed | Created |
|---|---|
| N/A | May 15, 2019 |
Disclosed
N/A
Created
May 15, 2019
Description
On an Ubiquiti UniFi controller, reads the system.properties configuration file
and downloads the backup and autobackup files. The files are then decrypted using
a known encryption key, then attempted to be repaired by zip. Meterpreter must be
used due to the large file sizes, which can be flaky on regular shells to read.
Confirmed to work on 5.10.19 - 5.10.23, but most likely quite a bit more.
If the zip can be repaired, the db and its information will be extracted.
and downloads the backup and autobackup files. The files are then decrypted using
a known encryption key, then attempted to be repaired by zip. Meterpreter must be
used due to the large file sizes, which can be flaky on regular shells to read.
Confirmed to work on 5.10.19 - 5.10.23, but most likely quite a bit more.
If the zip can be repaired, the db and its information will be extracted.
Authors
h00die
zhangyoufu
justingist
zhangyoufu
justingist
Platform
Linux,OSX,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.