Skip to content
Apache UNO API Remote Code Execution
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
uno-rce.py

README.md

ApacheUNO-RCE

Apache UNO API Remote Code Execution

PoC script to show the ability to execute code remotely using the Apache UNO API.

The RCE is present in Windows and Linux distributions that are running the StarOffice manager.

HackDefense Advisory

Finding the RCE

Prerequisites

You will need to install the PyNO library on the machine that you want to execute the script on, this can be done by issueing the following command:

sudo apt-get install python3-uno

The target machine needs to run the StarOffice manager for the RCE to be present. The presence of the StarOffice manager that is externally reachable can be tested by looking at the banner:

e'com.sun.star.bridge.XProtocolPropertiesUrpProtocolProperties.UrpProtocolPropertiesTid'

Usage

The script accepts the following parameters:

  • --host the host to connect to
  • --port the port that the StarOffice manager instance is running on

Example

uno-rce.py --host 10.10.10.101 --port 2083
You can’t perform that action at this time.