Share
## https://sploitus.com/exploit?id=8257A1DE-9A4D-51E8-A8E2-7ED8E80B5BE9
# CVE-2021-22911

A rust proof of concept for this CVE. Used as part of https://tryhackme.com/room/rocket, a CTF boot to root on the TryHackMe learning platform.

To use, update the constants in main.rs and run, and it should work straight off. Requires that you have the admin email address and username, plus that MFA is not enabled.

Based on https://www.exploit-db.com/exploits/49960, a python implementation that does rely on MFA being enabled (and doesn't work as is for this version of RocketChat).