/Mass-exploit-CVE-2022-29464

Mass Exploit for CVE 2022-29464 on Carbon

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Meow Meow Meow!

Just a Mass Exploit based on a Python PoC for # WSO2 Carbon Server CVE-2022-29464
Pre-auth RCE bug CVE-2022-29464.

Meow Meow Meow? Requirements?


Python3
Shodan
Zoomeye
A Brain

What is this tool?

This is a mass-autoscan-exploit of CVE-2022-29464 based on the PoC wrote in python by a third part.
The Py file is available and readable, see also the bash script that don't contain any encoded string.
Massexploit will upload a shell and a reverse shell and print out the path to access it. Easy, Quick and Cool.
I know that probably the code could be wrote better and saving some lines, but i did it when i was drunk and just to do something.
So?
Just run:

./mass_exploit.sh

This command can setup your shodan and zoomeye tool, API included (if you want to skip the setup of tools or api, just press enter to skip.)
Then it start search for vulnerable hosts based on the dorks (examples are provided in the file examples_dorks.txt).
If you prefer, the manual mode is always available through the command below.
The mass_exploit.sh output will be printed in the shell screen.

PoC

python3 exploit.py -u host:port

or easily:

python3 exploit.py -f <file>

################################################################

Search tools:

Shodan

Get your account and an API Key here: https://account.shodan.io/

sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install shodan
easy_install shodan

Zoomeye

Get an account and your API Key here: https://www.zoomeye.org/

pip3 install git+https://github.com/knownsec/ZoomEye-python.git

Enjoy it

This tool has been provided just for accademic purposes. I am not responsible for any illegal action made with this code.
Electrolulz - https://github.com/electr0lulz - electrolulz@protonmail.com
Tested on a Ubuntu based O.S.