Intel Active Management Exploit 2017-5689

The exploit can be found here:

First we scan the client to check if 16992 is open.

Once identified, we can query the port to make sure it is Intels AMT:

The exploit is to do with POST requests for the login credentials. Sending a blank response, should allow you to bypass the login if the version is exploitable.

You can use tools such as Burp suite in order to intercept the traffic and change the response. You just need to remove, the highlighted text. so that it reads…. Response=””

Once in, you should be able to have some fun. You will have access to create user accounts (Back door) or to change the systems behavior. You might also be able to setup a remote session as seen here:

Related image

The worrying thing being that some of these are exposed to the internet, even today:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

%d bloggers like this: