Skip to content

sud0woodo/ApacheUNO-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
uno-rce.py
uno-rce.py
 
 

Repository files navigation

ApacheUNO-RCE

Apache UNO API Remote Code Execution

PoC script to show the ability to execute code remotely using the Apache UNO API.

The RCE is present in Windows and Linux distributions that are running the StarOffice manager.

HackDefense Advisory

Finding the RCE

Prerequisites

You will need to install the PyNO library on the machine that you want to execute the script on, this can be done by issueing the following command:

sudo apt-get install python3-uno

The target machine needs to run the StarOffice manager for the RCE to be present. The presence of the StarOffice manager that is externally reachable can be tested by looking at the banner:

e'com.sun.star.bridge.XProtocolPropertiesUrpProtocolProperties.UrpProtocolPropertiesTid'

Usage

The script accepts the following parameters:

  • --host the host to connect to
  • --port the port that the StarOffice manager instance is running on

Example

uno-rce.py --host 10.10.10.101 --port 2083

About

Apache UNO API Remote Code Execution

Resources

Readme
Activity

Stars

6 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages