Introduction
---
# HFS CVE-2014-6287 Exploit Tool
## Overview
This repository contains a Python-based exploit tool designed to take advantage of the **CVE-2014-6287** vulnerability in **HTTP File Server (HFS)** versions **2.3.x**. This vulnerability allows an attacker to execute arbitrary commands on the server, potentially leading to unauthorized access and control.
**⚠️ Disclaimer:**
This tool is intended **solely for educational and authorized penetration testing purposes**. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. The author and contributors are **not responsible** for any misuse or damage caused by this tool.
## Table of Contents
- [Features](#features)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Usage](#usage)
- [How It Works](#how-it-works)
- [Configuration](#configuration)
- [Troubleshooting](#troubleshooting)
- [Contributing](#contributing)
- [Author](#author)
- [License](#license)
## Features
- **Command Execution:** Executes arbitrary PowerShell commands on the target HFS server.
- **Reverse Shell:** Establishes a reverse shell connection back to the attacker's machine.
- **Base64 Encoding:** Utilizes Base64 encoding to obfuscate the PowerShell command.
- **Customizable IPs and Ports:** Easily configure local and remote host addresses and ports.
## Prerequisites
- **Python 3.6+**
- **Netcat (`nc`)** installed on the attacker's machine.
- **HTTP File Server (HFS)** version **2.3.x** running on the target machine.
- **Network Access:** Ensure that the attacker's machine can communicate with the target machine over the specified ports.
## Installation
1. **Clone the Repository:**
   ```bash
   git clone https://github.com/francescobrina/hfs-cve-2014-6287-exploit.git
   cd hfs-cve-2014-6287-exploit
   ```
2. **Install Dependencies:**
   This script relies on Python's standard libraries. Ensure you have Python 3.6 or higher installed.
   ```bash
   python3 --version
   ```
   If you don't have Python installed, download it from the [official website](https://www.python.org/downloads/) or use your package manager.
## Usage
1. **Configure the Script:**
   Open the `exploit.py` file in a text editor and configure the following variables:
   ```python
   lhost = "YOUR_LOCAL_IP"  # Your attacker's IP address
   lport = 1111             # Port to listen on
   rhost = "TARGET_IP"      # Target HFS server IP address
   rport = 80               # Target HFS server port (default is 80)
   ```
2. **Start Netcat Listener:**
   On your attacker's machine, start a Netcat listener to receive the reverse shell:
   ```bash
   nc -nlvp 1111
   ```
3. **Run the Exploit Script:**
   Execute the Python exploit script:
   ```bash
   python3 exploit.py
   ```
   The script will encode the PowerShell command in Base64, send an HTTP GET request to the target HFS server, and await a reverse shell connection.
4. **Establish Connection:**
   If the exploit is successful, you should receive a reverse shell on your Netcat listener.
## How It Works
1. **PowerShell Command Creation:**
   The script constructs a PowerShell command that initiates a TCP connection back to the attacker's machine (`lhost:lport`). Once connected, it creates a stream to send and receive data, effectively establishing a reverse shell.
2. **Encoding the Command:**
   The PowerShell command is encoded in Base64 using UTF-16LE encoding to obfuscate it and bypass potential security filters.
3. **Crafting the Payload:**
   The encoded command is embedded into a payload that is sent as part of an HTTP GET request to the target HFS server's vulnerable endpoint.
4. **Executing the Payload:**
   When the HFS server processes the request, it decodes and executes the PowerShell command, establishing a reverse shell back to the attacker.
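Steps 2 and 3 leave a recognizable trace on the server side: a long Base64 run in a GET request that decodes as UTF-16LE text. The following added example (not part of this repository's `exploit.py`) scans access-log lines for such runs and decodes them for review; the log format, the `q` parameter, the indicator list and all sample data are constructed assumptions.

```python
import base64
import re
from urllib.parse import quote, unquote

# Base64 runs long enough to hold a script rather than a short token.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Assumed indicator list: strings common in PowerShell TCP callbacks.
INDICATORS = ("net.sockets.tcpclient", "getstream", "invoke-expression")

def decode_utf16_b64(token):
    """Return the text if token is Base64 over UTF-16LE ASCII text, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error (bad alphabet or padding) subclasses it
        return None
    # ASCII text as UTF-16LE: every high byte is zero, every low byte is tab..tilde.
    low, high = raw[0::2], raw[1::2]
    if not raw or len(raw) % 2 or any(high) or not all(9 <= b <= 126 for b in low):
        return None
    return raw.decode("utf-16-le")

def scan_access_log(lines):
    """Return (line_number, decoded_text, matched_indicators) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in B64_RUN.findall(unquote(line)):
            text = decode_utf16_b64(token)
            if text is not None:
                matched = [i for i in INDICATORS if i in text.lower()]
                hits.append((number, text, matched))
    return hits

# Constructed sample data: a harmless one-liner, encoded the way step 2
# describes, placed in the query string of a made-up access-log entry.
SAMPLE_PS = "Write-Output 'constructed sample: Net.Sockets.TCPClient'"
SAMPLE_TOKEN = base64.b64encode(SAMPLE_PS.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = [
    '192.0.2.50 - - [01/Jan/2024:10:00:01 +0000] "GET /files/report.pdf HTTP/1.1" 200 9120',
    '192.0.2.50 - - [01/Jan/2024:10:00:05 +0000] "GET /?q=' + quote("x " + SAMPLE_TOKEN)
    + ' HTTP/1.1" 200 512',
    '192.0.2.51 - - [01/Jan/2024:10:00:09 +0000] "GET /?id=' + "deadbeef" * 6 + ' HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, text, matched in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {text!r} indicators={matched}")
```

The third sample line carries a 48-character hex identifier that is valid Base64 but fails the UTF-16LE byte-pattern check, so ordinary long tokens are not reported.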
## Configuration
Ensure that the following configurations are correctly set before running the exploit:
- **`lhost`:** Your machine's IP address where Netcat is listening.
- **`lport`:** The port number on which Netcat is listening.
- **`rhost`:** The target machine's IP address running the vulnerable HFS server.
- **`rport`:** The port number of the target HFS server (default is 80).
Example configuration:
```python
lhost = "192.168.1.100"
lport = 1111
rhost = "192.168.1.105"
rport = 80
```
## Troubleshooting
- **No Reverse Shell Connection:**
  - Verify that the target machine is running the vulnerable version of HFS.
  - Ensure there are no firewalls blocking the connection on the specified ports.
  - Confirm that `lhost` and `rhost` are correctly set and reachable.
- **Script Errors:**
  - Ensure you are using Python 3.6 or higher.
  - Check for any syntax errors or missing dependencies.
- **Netcat Issues:**
  - Ensure Netcat is installed and accessible in your system's PATH.
  - Use the correct flags (`-nlvp`) to start the listener.
## Contributing
Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.
1. **Fork the Repository**
2. **Create a Feature Branch**
   ```bash
   git checkout -b feature/YourFeature
   ```
3. **Commit Your Changes**
   ```bash
   git commit -m "Add Your Feature"
   ```
4. **Push to the Branch**
   ```bash
   git push origin feature/YourFeature
   ```
5. **Open a Pull Request**
## Author
Developed by [Francesco Brina](https://github.com/francescobrina).
Email: francescobrina9@gmail.com
## License
This project is licensed under the [MIT License](LICENSE).
---
**Disclaimer:**
Use this tool responsibly and only on systems you have explicit permission to test. The author is not liable for any misuse or damage caused by this tool.
File snapshot
[4.0K] /data/pocs/a20a2190b5614f944446c6fb1084bcdc804b968e
├── [1.9K] exploit.py
└── [5.7K] README.md
0 directories, 2 files