DblTekGoIPPwn is Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host.
+ On March 2nd, 2017, Trustwave released a vulnerability that security researchers found in the DblTek GoIP VoIP Phone. The vulnerability was a backdoor in the firmware for an account named ‘dbladm’. When a user entered this as their username in a telnet prompt, the system would present a challenge that when followed with the right response, gave the user a root shell on the system.
+ The problem with such a challenge response system is that the devices are as secure as the algorithm for generating the responses, which was reverse engineered from firmware binaries provided by DblTek. Using this algorithm, a root shell can be aquired on ANY DblTek GoIP device.
+ Visual Studio
git clone https://github.com/JacobMisirian/DblTekGoIPPwn && cd DblTekGoIPPwn
DblTekGoIPPwn --send-commands cmds.txt --file list.txt --output results.txt