Assess an IP for CVE-2019-18935
$ python3 telerik_rce_scan.py -t 192.168.44.21
Assess a hostname for CVE-2019-18935
$ python3 telerik_rce_scan.py -t vulnerable.telerik.net
Assess a CIDR network range for CVE-2019-18935
$ python3 telerik_rce_scan.py -r 23.253.4.0/24
Assess a list of targets
$ python3 telerik_rce_scan.py -iL hosts.txt
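Nmap script (http-telerik-vuln.nse)
Download http-telerik-vuln.nse to your nmap scripts directory (/usr/share/nmap/scripts/), then update the script database
$ nmap --script-updatedb
Assess a host with the Nmap script
$ nmap -sT -p443 --script=http-telerik-vuln 23.253.4.115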
@mwulftange initially discovered this vulnerability. @bao7uo wrote all of the logic for breaking RadAsyncUpload encryption, which enabled manipulating the file upload configuration object in rauPostData and subsequently exploiting insecure deserialization of that object. And thanks to Noperator (@BishopFox) from whom I copped this language and the Legal Disclaimer below.
Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.