horizon3ai/CVE-2021-38647

Stars
234
Rank 170,701 (Top 4 %)
Language
Python
Created about 3 years ago
Updated about 3 years ago

horizon3ai/CVE-2021-38647

horizon3ai

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

OMIGOD

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

For background information and context, read the our blog post detailing this vulnerability: https://www.horizon3.ai/news/blog/omigod

Details

CVE-2021-38647 is an unauthenticated RCE vulnerability effecting the OMI agent as root.

OMI agents are commonly found installed on Azure Linux servers when the following are in use:

Azure Automation
Azure Automatic Update
Azure Operations Management Suite
Azure Log Analytics
Azure Configuration Management
Azure Diagnostics

Usage

azureuser@linux:~$ python3 omigod.py -t 10.0.0.5 -c id
uid=0(root) gid=0(root) groups=0(root)

Example Output

Mitigations

Update and ensure the OMI agent is at version 1.6.8.1.

For Debian systems (e.g., Ubuntu): dpkg -l omi
For Redhat based system (e.g., Fedora, CentOS, RHEL): rpm -qa omi

Prior Research Credit

For more details see the original researchers' work: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

vcenter_saml_login

A tool to extract the IdP cert from vCenter backups and log in as Administrator

CVE-2022-40684

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

CVE-2022-39952

POC for CVE-2022-39952

CVE-2021-21972

Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2022-1388

POC for CVE-2022-1388

CVE-2022-22972

vRealizeLogInsightRCE

POC for RCE using vulnerabilities described in VMSA-2023-0001

CVE-2023-34362

MOVEit CVE-2023-34362

CVE-2022-47966

POC for CVE-2022-47966 affecting multiple ManageEngine products

proxyshell

Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

CVE-2023-27524

Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset

backup_dc_registry

A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

CVE-2023-34051

VMware Aria Operations for Logs CVE-2023-34051

CVE-2024-0204

Authentication Bypass in GoAnywhere MFT

CVE-2023-27532

POC for Veeam Backup and Replication CVE-2023-27532

CVE-2023-27350

Proof of Concept Exploit for PaperCut CVE-2023-27350

CVE-2022-28219

PoC for ManageEngine ADAudit Plus CVE-2022-28219

CVE-2023-48788

Fortinet FortiClient EMS SQL Injection

CVE-2023-38035

Ivanti Sentry CVE-2023-38035

CVE-2024-23108

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection

CVE-2021-44077

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2023-34992

CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit

CVE-2023-26067

Lexmark CVE-2023-26067

CVE-2024-1403

Progress OpenEdge Authentication Bypass

h3-cli

CLI tool for the Horizon3.ai API

CVE-2024-29824

Ivanti EPM SQL Injection Remote Code Execution Vulnerability

CVE-2021-44142

cyanide

SecureConnect-Auth-Bypass

An exploit proof of concept for ConnectWise SecureConnect authentication bypass vulnerability.