Collection of proof-of-concept exploits written in Python that target vulnerabilities in Internet Explorer, Adobe Reader and Acrobat, Safari, and Opera.

ahmedobied/python-exploits

Python Exploits

Purpose

Collection of proof-of-concept exploits written in Python that target vulnerabilities in Internet Explorer, Adobe Reader and Acrobat, Safari, and Opera. The exploits demonstrate known vulnerabilities in outdated software and are provided for educational and research purposes.

Usage and Example

Clone the python-exploits repository:

git clone https://github.com/ahmedobied/python-exploits.git

Navigate to the python-exploits folder and run any of the exploits:

cd python-exploits
python3 exploits/ie/ie_aurora.py 31337

For browser exploits, open the web address from a vulnerable browser. For other exploits, open the generated file with the targeted software.

Example

Run the ie_aurora exploit:

python3 exploits/ie/ie_aurora.py 31337

You will see the following output:

[-] Web server is running at http://127.0.0.1:31337/

When you try accessing the web address using curl:

curl http://127.0.0.1:31337/

You will get a webpage that includes the exploit:

        <html>
        <head>
            <script>
            
            var obj, event_obj;
            
            function spray_heap()
            ...

When you access the web address from a web browser, the server prints the following:

[-] Incoming connection from 127.0.0.1
[-] Sending exploit to 127.0.0.1 ...
[-] Exploit sent to 127.0.0.1

When you access the web address from a vulnerable browser, the exploit spawns the calculator.

Internet Explorer

  • ie_aurora: Exploits a vulnerability (CVE-2010-0249) in Internet Explorer.
  • ie_owc: Exploits a vulnerability (CVE-2009-1136) in an ActiveX control (Microsoft Office Web Components) used by Internet Explorer.
  • ie_delobject: Exploits a vulnerability (CVE-2009-0075) in Internet Explorer.
  • ie_mpeg2tunerequest: Exploits a vulnerability (CVE-2008-0015) in an ActiveX control (Microsoft MPEG2TuneRequest) used by Internet Explorer.

For more details, see Internet Explorer's README.

Adobe Reader and Acrobat

  • adobe_newplayer: Exploits a vulnerability (CVE-2009-4324) in Adobe Reader and Acrobat. The code generates a PDF that includes the exploit.
  • adobe_collab_geticon: Exploits a vulnerability (CVE-2009-0927) in Adobe Reader via any web browser.

For more details, see Adobe's README.

Safari

  • safari_xml_crash: Targets a vulnerability (CVE-2009-1233) in the Apple Safari browser.

For more details, see Safari's README.

Opera

  • opera_xml_crash: Targets a vulnerability (CVE-2009-1234) in the Opera browser.

For more details, see Opera's README.

Payload

All exploits use the same payload that spawns the calculator upon successful exploitation. The payload is used as proof-of-concept to demonstrate the ability to execute arbitrary code.
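Because the payload runs as a child process of the exploited application, a successful run is visible in process-creation telemetry. The following detection sketch is an added example, not code from this repository. It assumes process-creation events exported as JSON lines with Sysmon-style `ParentImage` and `Image` fields, and the executable names in `TARGETED_PARENTS` are assumed image names for the targeted software. It generalizes beyond the calculator: any unexpected child of these applications is reported, since a real payload could launch anything.

```python
import json
import ntpath

# Assumed Windows image names for the software this README lists as targets.
TARGETED_PARENTS = {
    "iexplore.exe": "Internet Explorer",
    "acrord32.exe": "Adobe Reader",
    "acrobat.exe": "Adobe Acrobat",
    "safari.exe": "Safari",
    "opera.exe": "Opera",
}
POC_MARKER = "calc.exe"  # the proof-of-concept payload spawns the calculator

# Constructed sample events (not real telemetry), one JSON object per line,
# with Sysmon-style process-creation field names. The last line is malformed.
SAMPLE_EVENTS = r'''
{"UtcTime": "2024-01-01 10:00:01", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "Image": "C:\\Windows\\System32\\calc.exe"}
{"UtcTime": "2024-01-01 10:00:05", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"UtcTime": "2024-01-01 10:02:30", "ParentImage": "C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2024-01-01 10:03:00", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\calc.exe"}
{"UtcTime": "2024-01-01 10:04:00", "ParentImage":
'''


def image_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def detect(lines):
    """Return (time, severity, parent application, child image) per finding."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            parent = image_name(event["ParentImage"])
            child = image_name(event["Image"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        # Ignore other parents, and an application re-launching itself.
        if parent not in TARGETED_PARENTS or child == parent:
            continue
        severity = "high" if child == POC_MARKER else "medium"
        findings.append((event.get("UtcTime", "?"), severity,
                         TARGETED_PARENTS[parent], child))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

The calculator started from `explorer.exe` is not reported, because a user launching it from the desktop is expected behaviour.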

Further Reading

For more information about web-based exploits and their use in the real world, see the following study:

Ahmed Obied. Collection and Analysis of Web-based Exploits and Malware. M.Sc. Thesis. Department of Computer Science, University of Calgary, 2008.

Disclaimer

Please read the disclaimer before downloading or using any code in this repository.
