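PoC details: a20a2190b5614f944446c6fb1084bcdc804b968e

Source
Related vulnerability
Title: Rejetto HTTP File Server 'ParserLib.pas' code injection vulnerability (CVE-2014-6287)
Description: HTTP File Server is an HTTP file server designed for individual users. It provides a virtual file system and supports operations such as adding and removing virtual folders. A security vulnerability exists in the 'findMacroMarker' function in the parserLib.pas file of Rejetto HTTP File Server 2.3c and earlier versions; it stems from parserLib.pas not handling null bytes correctly. A remote attacker can exploit it to execute arbitrary programs by means of a '%00' sequence in a search operation.
Introduction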
---

# HFS CVE-2014-6287 Exploit Tool

## Overview

This repository contains a Python-based exploit tool designed to take advantage of the **CVE-2014-6287** vulnerability in **HTTP File Server (HFS)** versions **2.3.x**. This vulnerability allows an attacker to execute arbitrary commands on the server, potentially leading to unauthorized access and control.

**⚠️ Disclaimer:**  
This tool is intended **solely for educational and authorized penetration testing purposes**. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. The author and contributors are **not responsible** for any misuse or damage caused by this tool.

## Table of Contents

- [Features](#features)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Usage](#usage)
- [How It Works](#how-it-works)
- [Configuration](#configuration)
- [Troubleshooting](#troubleshooting)
- [Contributing](#contributing)
- [Author](#author)
- [License](#license)

## Features

- **Command Execution:** Executes arbitrary PowerShell commands on the target HFS server.
- **Reverse Shell:** Establishes a reverse shell connection back to the attacker's machine.
- **Base64 Encoding:** Utilizes Base64 encoding to obfuscate the PowerShell command.
- **Customizable IPs and Ports:** Easily configure local and remote host addresses and ports.

## Prerequisites

- **Python 3.6+**
- **Netcat (`nc`)** installed on the attacker's machine.
- **HTTP File Server (HFS)** version **2.3.x** running on the target machine.
- **Network Access:** Ensure that the attacker's machine can communicate with the target machine over the specified ports.

## Installation

1. **Clone the Repository:**

   ```bash
   git clone https://github.com/francescobrina/hfs-cve-2014-6287-exploit.git
   cd hfs-cve-2014-6287-exploit
   ```

2. **Install Dependencies:**

   This script relies on Python's standard libraries. Ensure you have Python 3.6 or higher installed.

   ```bash
   python3 --version
   ```

   If you don't have Python installed, download it from the [official website](https://www.python.org/downloads/) or use your package manager.

## Usage

1. **Configure the Script:**

   Open the `exploit.py` file in a text editor and configure the following variables:

   ```python
   lhost = "YOUR_LOCAL_IP"    # IP address of the attacker's machine
   lport = 1111               # Port to listen on
   rhost = "TARGET_IP"        # Target HFS server IP address
   rport = 80                 # Target HFS server port (default is 80)
   ```

2. **Start Netcat Listener:**

   On the attacker's machine, start a Netcat listener to receive the reverse shell:

   ```bash
   nc -nlvp 1111
   ```

3. **Run the Exploit Script:**

   Execute the Python exploit script:

   ```bash
   python3 exploit.py
   ```

   The script will encode the PowerShell command in Base64, send an HTTP GET request to the target HFS server, and await a reverse shell connection.

4. **Establish Connection:**

   If the exploit is successful, you should receive a reverse shell on your Netcat listener.

## How It Works

1. **PowerShell Command Creation:**

   The script constructs a PowerShell command that initiates a TCP connection back to the attacker's machine (`lhost:lport`). Once connected, it creates a stream to send and receive data, effectively establishing a reverse shell.

2. **Encoding the Command:**

   The PowerShell command is encoded in Base64 using UTF-16LE encoding to obfuscate it and bypass potential security filters.

3. **Crafting the Payload:**

   The encoded command is embedded into a payload that is sent as part of an HTTP GET request to the target HFS server's vulnerable endpoint.

4. **Executing the Payload:**

   When the HFS server processes the request, it decodes and executes the PowerShell command, establishing a reverse shell back to the attacker.
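For defenders, the request shape described in the steps above can be hunted in web server logs. The following Python is an added example, not part of the original repository: it flags requests whose `search` parameter contains a NUL byte (the `%00` sequence named in the CVE description) and decodes any Base64/UTF-16LE blob in that parameter for triage. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # long Base64-looking runs


def decode_utf16_b64(blob):
    """Return the text if blob is Base64 of ASCII-range UTF-16LE text, else None."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        text = raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None
    ok = text and all(c in "\r\n\t" or (c.isprintable() and ord(c) < 128) for c in text)
    return text if ok else None


def inspect_request(target):
    """Flag a NUL byte in the 'search' parameter and recover encoded commands."""
    result = {"nul_in_search": False, "decoded": []}
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key).lower() != "search":
            continue
        value = unquote(value)  # unquote() keeps '+', a valid Base64 character
        result["nul_in_search"] |= "\x00" in value
        result["decoded"] += filter(None, map(decode_utf16_b64, B64_RUN.findall(value)))
    return result


def scan_log(lines):
    """Return (line_number, findings) for each request with a NUL in 'search'."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        findings = inspect_request(match.group(1)) if match else None
        if findings and findings["nul_in_search"]:
            hits.append((number, findings))
    return hits


# Constructed sample data: a harmless command stands in for a real payload.
_BLOB = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?search=report HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /?search=%00x-' + _BLOB + '-x HTTP/1.1" 200 512',
]
```

`scan_log(SAMPLE_LOG)` reports only the second line, with the decoded command text attached so an analyst can see what the request tried to run.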

## Configuration

Ensure that the following configurations are correctly set before running the exploit:

- **`lhost`:** Your machine's IP address where Netcat is listening.
- **`lport`:** The port number on which Netcat is listening.
- **`rhost`:** The target machine's IP address running the vulnerable HFS server.
- **`rport`:** The port number of the target HFS server (default is 80).

Example configuration:

```python
lhost = "192.168.1.100"
lport = 1111
rhost = "192.168.1.105"
rport = 80
```

## Troubleshooting

- **No Reverse Shell Connection:**
  - Verify that the target machine is running the vulnerable version of HFS.
  - Ensure there are no firewalls blocking the connection on the specified ports.
  - Confirm that `lhost` and `rhost` are correctly set and reachable.

- **Script Errors:**
  - Ensure you are using Python 3.6 or higher.
  - Check for any syntax errors or missing dependencies.

- **Netcat Issues:**
  - Ensure Netcat is installed and accessible in your system's PATH.
  - Use the correct flags (`-nlvp`) to start the listener.

## Contributing

Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.

1. **Fork the Repository**
2. **Create a Feature Branch**

   ```bash
   git checkout -b feature/YourFeature
   ```

3. **Commit Your Changes**

   ```bash
   git commit -m "Add Your Feature"
   ```

4. **Push to the Branch**

   ```bash
   git push origin feature/YourFeature
   ```

5. **Open a Pull Request**

## Author

Developed by [Francesco Brina](https://github.com/francescobrina).  
Email: francescobrina9@gmail.com

## License

This project is licensed under the [MIT License](LICENSE).

---

**Disclaimer:**  
Use this tool responsibly and only on systems you have explicit permission to test. The author is not liable for any misuse or damage caused by this tool.

---

File snapshot

```
[4.0K] /data/pocs/a20a2190b5614f944446c6fb1084bcdc804b968e
├── [1.9K] exploit.py
└── [5.7K] README.md

0 directories, 2 files
```