# CVE-2021-22911

A rust proof of concept for this CVE. Used as part of, a CTF boot to root on the TryHackMe learning platform.

To use, update the constants in and run, and it should work straight off. Requires that you have the admin email address and username, plus that MFA is not enabled.

Based on, a python implementation that does rely on MFA being enabled (and doesn't work as is for this version of RocketChat).