关联漏洞
描述
An exploit for CVE-2012-2982 implemented in Rust
介绍
**This PoC exploit for CVE-2012-2982 was written as an exercise for the "Intro to PoC scripting" Room on TryHackMe**. <br>
The room can be found here: https://tryhackme.com/room/intropocscripting <br>
I was originally going to use Python to follow along, but decided to practice my Rust skills instead.<br>
I also saw that nearly every single non-Metasploit implementation on Github was in Python,
so I figured that bringing something new to the table might be fun.
---
### Usage
**Note:** The program spawns a Netcat listener by default.
If Netcat isn't in your path, or you want to run your own listener, run the program with the `-d` flag.
**From Source (Rust and Cargo required):**<br>
```bash
# To get detailed info about arguments:
cargo run -- --help
# General command structure:
cargo run -- <rhost> <lhost> <username> <password> [options]
```
<br>
**From Binary:**<br>
```bash
# To get detailed info about arguments:
./cve-2012-2982 --help
# General command structure:
./cve-2012-2982 <rhost> <lhost> <username> <password> [options]
```
<br>
**Program defaults:**<br>
1. rport=10000 (Webmin's default)<br>
2. lport=1337<br>
3. payload = generic bash tcp reverse shell<br>
---
文件快照
[4.0K] /data/pocs/04dd626bfb048b1fffb6c85ed92b95c4f17a7b33
├── [ 31K] Cargo.lock
├── [ 431] Cargo.toml
├── [1.0K] LICENSE
├── [1.2K] README.md
└── [4.0K] src
├── [ 938] args.rs
├── [8.8K] exploit.rs
├── [1.1K] lib.rs
└── [1.8K] main.rs
1 directory, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。