Info

TeamCity will help you build faster, and organize development in the most efficient way. CI/CD with real-time reporting, smart analysis

CVE-2024-27199 PoC (RCE & Admin Account Creation)

RCity is a Python script that interacts with a vulnerable TeamCity server. The CVE facilitates for unauthorised admin account creation, bypassing 403's on the domain. Whilst also achieving RCE, through the Debug/Processes route.

• Admin Account Creation
• Remote Code Execution
• Generating Authorisation Tokens
• Enumerating Users
• Gathering Server Details

Usage

• PoC

wget <https://raw.githubusercontent.com/Stuub/RCity-CVE-2024-27198/main/RCity.py>; chmod +x RCity.py

To use the script, you need to provide the target TeamCity server URL as a command-line argument with the -t argument:

python RCity.py -t <http://teamcity.com:8111>

You can increase output verbosity with the -v or --verbose option:

python RCity.py -t <http://teamcity.com:8111> --verbose