Rapid7 Vulnerability & Exploit Database

Multi Gather Ubiquiti UniFi Controller Backup

Back to Search

Multi Gather Ubiquiti UniFi Controller Backup



On an Ubiquiti UniFi controller, reads the system.properties configuration file and downloads the backup and autobackup files. The files are then decrypted using a known encryption key, then attempted to be repaired by zip. Meterpreter must be used due to the large file sizes, which can be flaky on regular shells to read. Confirmed to work on 5.10.19 - 5.10.23, but most likely quite a bit more. If the zip can be repaired, the db and its information will be extracted.


  • h00die
  • zhangyoufu
  • justingist




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security