A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. This extension is based on the original exploit tool written by Paul Taylor (@bao7uo) which is available at https://github.com/bao7uo/dp_crypto. Credits and big thanks to him.
A related blog post on how to exploit web applications via Telerik Web UI can also be found here.
- Detect vulnerable versions of Telerik Web UI during passive scans.
- Bruteforce the key and discover the "Document Manager" link just like the original exploit tool.
- Download telewreck.py to your machine.
- Install Python's requests module using
sudo pip install requests.
- On your Burp, go to Extender > Options tab. Then under the Python Environment section, locate your jython-standalone-2.7.0.jar file (1) and the directory where Python's requests module is located (2).
- Go to Extender > Extensions tab, then click on the Add button. On the new window, browse the location of telewreck.py and click the Next button.
- If there's any error, the Telewreck tab would appear in your Burp.
- This extension requires Python's requests module. Just run
pip install requeststo install it.
- The text area under Telewreck tab doesn't function as a console. So,
stderroutputs cannot be seen there. However, you can view them under the Output and Errors sections of the Extender tab.
- Before running another bruteforce, cancel the current process first by clicking the Cancel button.
- If the key can't be bruteforced, then probably the key has been set up securely and/or the application is not using a default installation of Telerik.
- If the key can't be bruteforced and/or there are some issues, it's recommended to fall back to the original exploit tool.