CVSSv2: 4.3

CVE-2019-17240

Published: 06/10/2019 Updated: 21/10/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 389
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

Vulnerable Product

bludit bludit 3.9.2

Exploits

Bludit version 3.9.2 suffers from an authentication bruteforce mitigation bypass vulnerability ...
Bludit versions 3.9.2 and below bruteforce mitigation bypass exploit. Please visit the related homepage for deep dive details on usage ...

Github Repositories

Password Brute-Forcing Script for CVE-2019-17240. This Python script is an example of a password brute-forcing tool that targets the CVE-2019-17240 vulnerability in a web application. It tries to log in to an admin page using a list of passwords from a file, until it finds the correct password for the given username. Usage: To use this script, you will need to modify the followin

Better version of rastating.github.io/bludit-brute-force-mitigation-bypass/

Bludit-CVE-2019-17240-Fork: Better version of "rastating.github.io/bludit-brute-force-mitigation-bypass/". Pretty easy to use, you'll only have to do: python3 BBFMB.py. Then it'll ask you for the URL, then the Username, then the directory of the Wordlist. cheese nom nom

Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240

Bludit-3-9-2-bb: Bludit 3.9.2 - bruteforce bypass - CVE-2019-17240. Very simple script based on CVE-2019-17240. Original POC and explanation: bludit/bludit#1090. usage: python ./bludit-3-9-2-bb.py -l 'sitename.com/admin/login' -u ./usernames_file_list.txt -p ./passwords_file_list.txt -l : login page (example: 192168150/admin/login) -u : file with us

This is the exploit of CVE-2019-17240.

CVE-2019-17240 Exploit: Versions prior to and including 3.9.2 of the Bludit CMS are vulnerable to a bypass of the anti-brute force mechanism that is in place to block users that have attempted to incorrectly login 10 times or more. The vulnerability was discovered by Rastating. Submitting a login request with an X-Forwarded-For header value of a changing string (spoofed string) w

Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit/PoC

CVE-2019-17240 Exploit/PoC - Bludit Brute-force Mitigation Bypass: Exploit Code for CVE-2019-17240 aka Bludit <= 3.9.2 Bruteforce Mitigation Bypass Exploit. Links: [ExploitDB-48942] [PacketStorm]. Expected outcome: Discover login credentials, bypassing Brute-force Mechanism on host running Bludit <= 3.9.2. Intended only for educational and testing in corporate enviro

exploits-and-stuff: Bludit392PassBruteForce.py bypasses anti-brute forcing mechanism of Bludit CMS v 3.9.2 and brute forces a working password (CVE-2019-17240): Check rastating's blog for more information. UsernameMapScript.py exploits RCE vulnerability in Samba v 3.0.20-3.0.25rc3, through username map script configuration and sends a reverse shell to the attacker (CVE-2

Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass

Bludit Auth BF mitigation bypass exploit / PoC: Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit / PoC for CVE-2019-17240 [EDB-48746] [PacketStorm] [WLB-2020080094]. Usage: $ ruby exploit.rb --help Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Usage: exploit.rb -r <url> -u <username> -w <pa

Bypass bludit mitigation login form and upload malicious to call a rev shell

bludit-CVE-2019-17240: Bypass bludit mitigation login and upload malicious to call a rev shell

A collection of python scripts for making life easier

python-pearls: A collection of python scripts for making life easier. Contains automation scripts for many things including exploit POCs and other useful red- and blue-team tools. CVE-2019-17240_bludit-392_pwd-bruteforce_multi.py: A tool for brute-forcing the Admin portal login of Bludit CMS 3.9.2 or earlier. CVE-2018-1000854_exploit.py: Tool for remote code execution in ex

BluditBruteforcer. What is this? This is a quick bruteforcing tool I wrote to work on the Bludit CMS platform to exploit CVE-2019-17240: bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. How to use? git clone github.com/TikvahTerminator/Blud

Bludit <= 3922 - Bruteforce Mitigation Bypass: This is a small project where I rewrite this python script into golang. Purpose of this project was to learn Golang and understand how this exploit works. Usage: $ ./brutepass -sdasds flag provided but not defined: -sdasds Usage of ./brutepass: -c int Thread

Bludit 3.9.2 auth bruteforce bypass

CVE-2019-17240: Bludit 3.9.2 auth bruteforce bypass

Bludit 3.9.2 - Remote command execution - CVE-2019-16113

Bludit 3.9.2 - Remote command execution - CVE-2019-16113: This exploit combines two exploits in Bludit CMS 3.9.2 to gain remote code execution on the target system. The original exploits are CVE-2019-17240 & CVE-2019-16113. Features: Bruteforce password + RCE; Bruteforce username:password + RCE. Reproduce: Setup Bludit 3.9.2 CMS, Configure login details, run the exploit: p

Python3 Tools that may be useful to pen testers

Python3-Tools: This is a collection of tools InfoSec people may use. fibonnaci.py is a simple function that InfoSec people would not use, I just really like it is all. CVE-2019-17240.py is a CVE script I expanded on to practice some python 3. Original template for this script is located HERE. # The below command will prompt you for the required values since no args are specified

Personal collections of tools gathered over time, either self made or mash-ups of findings that fit my need.

Tooling: Own collection of various self made tools. Directory structure should be self-explanatory. Protocol tools: LFI Tool, SMTP Enum, Imap extraction. OS tools: Windows C++ Reverse shell, DNSAdmin Privesc + Reverse shell, VNC password decoder, Generic Python privesc + reverse shell (sudo SETENV). Exploits: CVE-2019-17240: Login bruteforce (bypass). Crypto: Caesar algorit