CVE-2021-22911

Published: 27/05/2021 Updated: 30/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 and 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.

Vulnerable Products

rocket.chat rocket.chat 3.11.0

rocket.chat rocket.chat 3.12.0

rocket.chat rocket.chat 3.13.0

Exploits

RocketChat version 3.12.1 unauthenticated NoSQL injection to remote code execution exploit ...

Github Repositories

Authenticated RocketChat 3.12.1 Reverse Shell

Based on: github.com/CsEnox/CVE-2021-22911. Quick exploit to get a reverse shell if credentials were acquired. Tested on RocketChat 2.4.14. Usage: python3 exploit.py -t <TARGET URL> -u <USERNAME> -p <PASSWORD>

CVE-2021-22911: If you have already registered a user, this will only reset the admin password, and not both, making the exploit run much faster. python3 exploit.py -u test -a admin@rocket.thm -t chat.rocket.thm -i 1010424 -p 80

exploit for CVE-2021-22911 in rust

CVE-2021-22911: A Rust proof of concept for this CVE. Used as part of tryhackme.com/room/rocket, a CTF boot-to-root on the TryHackMe learning platform. To use, update the constants in main.rs and run, and it should work straight off. Requires that you have the admin email address and username, plus that MFA is not enabled. Based on www.exploit-db.com/exploits/499

Full unauthenticated RCE proof of concept for Rocket.Chat 3.12.1 CVE-2021-22911

RocketChat Automated Unauthenticated Account Takeover to RCE (CVE-2021-22911). Full unauthenticated RCE proof of concept for Rocket.Chat 3.12.1 CVE-2021-22911. The original PoC was created by Enox. Currently this only works for accounts without 2FA; I will be adding 2FA bypasses shortly. Created by optional.

Modified version of the original exploit to save some time on password resetting for unprivileged users

CVE-2021-22911: Modified version of the original exploit to save some time on password resetting for unprivileged users. The script assumes that you can register the account or already know the credentials of unprivileged users. Change the password to the valid password on lines 63, 73 and 96. Original exploit: www.exploit-db.com/exploits/49960

CVE-2021-22911: Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket.Chat 3.12.1. The getPasswordPolicy method is vulnerable to NoSQL injection attacks and does not require authentication/authorization. It can be used to take over accounts by leaking password reset tokens. Taking over an admin account leads to Remote Code Execution. Explanation: Hijacking u

Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Summary: Rocket.Chat is an open-source team chat platform. In Rocket.Chat 3.12.1 to 3.13.2, the getPasswordPolicy method is vulnerable to NoSQL injection attacks and does not require authentication/authorization. It can be used to take over ordinary user accounts by leaking password reset tokens. Environment setup and execution: wget https
