Telewreck - A Burp Extension To Detect And Exploit Versions Of Telerik Web UI Vulnerable To CVE-2017-9248
A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. This extension is based on the original exploit tool written by Paul Taylor (@bao7uo) which is available at https://github.com/bao7uo/dp_crypto. Credits and big thanks to him.
A related blog post on how to exploit web applications via Telerik Web UI can also be found here.
Features
- Detect vulnerable versions of Telerik Web UI during passive scans.
- Bruteforce the key and discover the "Document Manager" link just like the original exploit tool.
Installation
- Download telewreck.py to your machine.
- Install Python's requests module using `sudo pip install requests`.
- On your Burp, go to Extender > Options tab. Then under the Python Environment section, locate your jython-standalone-2.7.0.jar file (1) and the directory where Python's requests module is located (2).
- Go to Extender > Extensions tab, then click on the Add button. On the new window, browse the location of telewreck.py and click the Next button.
- If there are no errors, the Telewreck tab will appear in your Burp.
Notes
- This extension requires Python's requests module. Just run `pip install requests` to install it.
- The text area under the Telewreck tab doesn't function as a console, so stdout and stderr output cannot be seen there. However, you can view them under the Output and Errors sections of the Extender tab.
- Before running another bruteforce, cancel the current process first by clicking the Cancel button.
- If the key can't be bruteforced, then probably the key has been set up securely and/or the application is not using a default installation of Telerik.
- If the key can't be bruteforced and/or there are some issues, it's recommended to fall back to the original exploit tool.
Reviewed by Zion3R on 10:33 AM