CVE-2023-42793 – TeamCity Admin Account Creation lead to RCE exploit script Description This script exploits CVE-2023-42793 to create an admin account on a TeamCity server. It sends a POST request to the target URL to create an admin user with specified or random credentials. Usage bash python exploit.py -u <URL> [-v] [-n <USERNAME>] [-p <PASSWORD>] [-e <EMAIL>] Options -u, –url URL: Target URL (required) -v, –verbose: Enable verbose mode -n, –username USERNAME: Specify username (default: random) -p, –password PASSWORD: Specify password (default: random) -e, –email EMAIL: Specify email (default: random) -t, –token-file: File to save the token Prerequisites Python 3.x Requests library (install via pip install requests) Examples Exploit with random username, password, and email: bash python exploit.py -u https://target.com Exploit with specified username, password, and email: bash python exploit.py -u https://target.com -n admin -p admin123 -e [email protected] Output Upon successful exploitation, the script prints the URL, username, and password of the created admin account then save the output in token file. Remote Code Execution (RCE) Script Description This script allows executing commands on a vulnerable TeamCity server exploiting CVE-2023-42793. It first enables the debug processes and then executes the specified command using the appropriate API endpoints. Usage bash python rce_exploit.py -u <URL> [-v] [-c <COMMAND>] [-P <PORT>] Options -u, –url URL :…Read More