Just a Mass Exploit based on a Python PoC for # WSO2 Carbon Server CVE-2022-29464
Pre-auth RCE bug CVE-2022-29464.
Python3
Shodan
Zoomeye
A Brain
This is a mass-autoscan-exploit of CVE-2022-29464 based on the PoC wrote in python by a third part.
The Py file is available and readable, see also the bash script that don't contain any encoded string.
Massexploit will upload a shell and a reverse shell and print out the path to access it. Easy, Quick and Cool.
I know that probably the code could be wrote better and saving some lines, but i did it when i was drunk and just to do something.
So?
Just run:
./mass_exploit.sh
This command can setup your shodan and zoomeye tool, API included (if you want to skip the setup of tools or api, just press enter to skip.)
Then it start search for vulnerable hosts based on the dorks (examples are provided in the file examples_dorks.txt).
If you prefer, the manual mode is always available through the command below.
The mass_exploit.sh output will be printed in the shell screen.
python3 exploit.py -u host:port
or easily:
python3 exploit.py -f <file>
################################################################
Get your account and an API Key here: https://account.shodan.io/
sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install shodan
easy_install shodan
Get an account and your API Key here: https://www.zoomeye.org/
pip3 install git+https://github.com/knownsec/ZoomEye-python.git
This tool has been provided just for accademic purposes. I am not responsible for any illegal action made with this code.
Electrolulz - https://github.com/electr0lulz - electrolulz@protonmail.com
Tested on a Ubuntu based O.S.