Thunderstorm – Modular Framework To Exploit UPS Devices
Thunderstorm is a modular framework to exploit UPS devices.
For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.
CVE
Thunderstorm is currently capable of exploiting the following CVE:
- CVE-2022-47186 – Unrestricted file Upload # [CS-141]
- CVE-2022-47187 – Cross-Site Scripting via File upload # [CS-141]
- CVE-2022-47188 – Arbitrary local file read via file upload # [CS-141]
- CVE-2022-47189 – Denial of Service via file upload # [CS-141]
- CVE-2022-47190 – Remote Code Execution via file upload # [CS-141]
- CVE-2022-47191 – Privilege Escalation via file upload # [CS-141]
- CVE-2022-47192 – Admin password reset via file upload # [CS-141]
- CVE-2022-47891 – Admin password reset # [NetMan 204]
- CVE-2022-47892 – Sensitive Information Disclosure # [NetMan 204]
- CVE-2022-47893 – Remote Code Execution via file upload # [NetMan 204]
Requirements
- Python 3
- Install requirements.txt
Download
It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:
git clone https://github.com/JoelGMSec/Thunderstorm
Also, you probably need to download the original and the custom firmware. You can download all requirements from here: https://darkbyte.net/links/thunderstorm.php
Usage
- To be disclosed
The detailed guide of use can be found at the following link:
- To be disclosed
License
This project is licensed under the GNU 3.0 license – see the LICENSE file for more details.
Credits and Acknowledgments
This tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec
Contact
This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.
For more information, you can find me on Twitter as @JoelGMSec and on my blog darkbyte.net.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.