Kodi Community Forum

Full Version: Security issues in XBMC
(2017-02-16, 20:08)Martijn Wrote: [ -> ]Here's the code
https://github.com/xbmc/xbmc


Patches welcome

<3
The second exploit (fetching /etc/passwd) only works because kodi runs as user root which is a really bad idea - just mentioning it ...
(2017-02-17, 21:05)Memphiz Wrote: [ -> ]The second exploit (fetching /etc/passwd) only works because kodi runs as user root which is a really bad idea - just mentioning it ...

you know you are wrong..
btw. a team kodi member told me today that it is possible to (re)-write files via kodi's webserver. is that true?
The webserver has no PUT or POST support with file access.
but if you can execute bash commands, can't you submit the content (new password) you'd like to inject via the GET request?
How do you execute bash commands? The webserver itself doesn't support that. If it's possible through JSON-RPC and Input.ExecuteAction that would be a problem with builtins.
(2017-02-17, 21:20)stefansaraev Wrote: [ -> ]
(2017-02-17, 21:05)Memphiz Wrote: [ -> ]The second exploit (fetching /etc/passwd) only works because kodi runs as user root which is a really bad idea - just mentioning it ...

you know you are wrong..


No, I don't, else I wouldn't have posted. Where is my error?
(2017-02-18, 12:07)Memphiz Wrote: [ -> ]
(2017-02-17, 21:20)stefansaraev Wrote: [ -> ]
(2017-02-17, 21:05)Memphiz Wrote: [ -> ]The second exploit (fetching /etc/passwd) only works because kodi runs as user root which is a really bad idea - just mentioning it ...

you know you are wrong..


No, I don't, else I wouldn't have posted. Where is my error?

/etc/passwd is readable for everyone, you're probably confusing it with /etc/shadow.

/etc/shadow contains the hashed passwords of all the users on the system and can only be read by root by default. One particular Kodi distribution, OpenELEC, runs Kodi as root by default. Instances of OpenELEC can be found on the internet using Shodan.

But hey, openelec uses a hardcoded root password anyway:

Quote:What is the SSH login?

Shortcut: #SSH Login

Currently the login into OpenELEC has fixed settings.

Login: root
Password: openelec

Note that these values are case-sensitive.
(http://wiki.openelec.tv/index.php/OpenEL...use_SSH.3F)

so yeah, yolo
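
Added example, not part of the thread and not Kodi or OpenELEC code: a small audit helper that shows the distinction drawn in the post above, namely which of the two files a process can read depending on the user it runs as. The /proc status excerpts, the file modes and the function names are constructed for illustration.

```python
import stat

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
STATUS_ROOT = "Name:\tkodi.bin\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\n"
STATUS_USER = "Name:\tkodi.bin\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t29 44 1000\n"

# Constructed file metadata: (mode, owner uid, owner gid).
FILES = {
    "/etc/passwd": (0o644, 0, 0),  # world-readable
    "/etc/shadow": (0o600, 0, 0),  # owner (root) only
}

def parse_ids(status):
    """Return (effective uid, set of effective + supplementary gids)."""
    fields = {}
    for line in status.splitlines():
        key, _, rest = line.partition(":")
        fields[key] = rest.split()
    # Uid/Gid columns are: real, effective, saved, filesystem.
    euid = int(fields["Uid"][1])
    gids = {int(fields["Gid"][1])} | {int(g) for g in fields.get("Groups", [])}
    return euid, gids

def can_read(mode, owner_uid, owner_gid, euid, gids):
    """Classic owner/group/other read check, with root bypassing it."""
    if euid == 0:
        return True  # assumes root keeps CAP_DAC_OVERRIDE (no capability drop, no MAC policy)
    if euid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def readable_files(status):
    """Paths from FILES that a process with this status text could read."""
    euid, gids = parse_ids(status)
    return sorted(p for p, (m, u, g) in FILES.items() if can_read(m, u, g, euid, gids))

if __name__ == "__main__":
    print("as root:", readable_files(STATUS_ROOT))
    print("as uid 1000:", readable_files(STATUS_USER))
```
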
(2017-02-18, 11:13)Montellese Wrote: [ -> ]How do you execute bash commands? The webserver itself doesn't support that. If it's possible through JSON-RPC and Input.ExecuteAction that would be a problem with builtins.
fritsch mentioned something about requesting an image via JSON-RPC and adding a pipe at the end to execute another command. He asked if someone running LE could test a certain request, so I assumed he wanted to give one of the mentioned exploits a try.