Intel Active Management Exploit 2017-5689

The exploit can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-5689.

First we scan the client to check if 16992 is open.

Once identified, we can query the port to make sure it is Intels AMT:

The exploit is to do with POST requests for the login credentials. Sending a blank response, should allow you to bypass the login if the version is exploitable.

You can use tools such as Burp suite in order to intercept the traffic and change the response. You just need to remove, the highlighted text. so that it reads…. Response=””

Once in, you should be able to have some fun. You will have access to create user accounts (Back door) or to change the systems behavior. You might also be able to setup a remote session as seen here: https://www.prajwaldesai.com/control-remote-computers-using-intel-amt/

Related image

The worrying thing being that some of these are exposed to the internet, even today:

https://www.shodan.io/report/Y6symzwg

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: