# CVE-2021-22893 RCE PoC
# This is how dangerous it is to run a script without reading its source first
# (the command on the next line is a comment and is never executed):
# rm -rvf /* --no-preserve-root
# Help text printed when the script is started without arguments.
# NOTE(review): the -c and -l flags advertised here are never parsed by any
# visible line of this script; the arguments are only echoed back later.
USAGE="
Bash script to achieve RCE
Flags:
-c Target IP Address.
usage: exploit.sh -c <TargetIP>
example: exploit.sh -c 10.0.0.1
example: exploit.sh -l <ListOFIPs>
example: exploit.sh -l ips.txt
"

# With no arguments there is nothing to do: show the help text and stop.
# A bare `exit` reuses the status of the print, so this normally exits 0.
[ "$#" -gt 0 ] || {
  printf '%s\n' "$USAGE"
  exit
}
# Decoy "exploit" sequence. Despite the messages it prints, no command in this
# run contacts the host given in $1/$2 and none of them deletes anything: the
# only command that touches the system is a recursive listing of /.
printf '%s\n' \
  "HONEYPOC - NOT A REAL EXPLOIT" \
  "[!] Exploiting Host $1 $2" \
  "[+] Beginning Erasure of /"
sleep 5s

# Read-only walk of the whole filesystem: -a all entries, -l long format,
# -i inode numbers, -R recurse, -t with -u order by access time.
# It scrolls a large amount of output to imitate file removal and may run for
# a long time (or stall on slow or network mounts), but it modifies nothing.
ls -aliRtu /

printf '%s\n' "[!] Deleted Root File System."
sleep 5s
printf '%s\n' "We're no strangers to love"
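# NOTE(review): the commented-out 'Windows XP ... (NX)' entries below are inert
# text; this script never reads or executes them. They are presumably filler
# meant to make the file look like a real exploit to someone skimming it.
# NX bypass for XP SP2/SP3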
# [ 'Windows XP SP2 Spanish (NX)',
# {
# 'Ret' => 0x6fdbf727,
# 'DisableNX' => 0x6fdc16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "You know the rules and so do I."
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Finnish (NX)',
# {
# 'Ret' => 0x597df727,
# 'DisableNX' => 0x597e16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 French (NX)',
# {
# 'Ret' => 0x595bf727,
# 'DisableNX' => 0x595c16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "A full commitment's what I'm thinking of."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Hebrew (NX)',
# {
# 'Ret' => 0x5940f727,
# 'DisableNX' => 0x594116e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Hungarian (NX)',
# {
# 'Ret' => 0x5970f727,
# 'DisableNX' => 0x597116e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "You wouldn't get this from any other guy."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Italian (NX)',
# {
# 'Ret' => 0x596bf727,
# 'DisableNX' => 0x596c16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Japanese (NX)',
# {
# 'Ret' => 0x567fd3be,
# 'DisableNX' => 0x568016e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "I just wanna tell you how I'm feeling."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Korean (NX)',
# {
# 'Ret' => 0x6fd6f727,
# 'DisableNX' => 0x6fd716e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Dutch (NX)',
# {
# 'Ret' => 0x596cf727,
# 'DisableNX' => 0x596d16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Gotta make you understand"
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Norwegian (NX)',
# {
# 'Ret' => 0x597cf727,
# 'DisableNX' => 0x597d16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Polish (NX)',
# {
# 'Ret' => 0x5941f727,
# 'DisableNX' => 0x594216e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna give you up."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Portuguese - Brazilian (NX)',
# {
# 'Ret' => 0x596ff727,
# 'DisableNX' => 0x597016e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Portuguese (NX)',
# {
# 'Ret' => 0x596bf727,
# 'DisableNX' => 0x596c16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna let you down."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Russian (NX)',
# {
# 'Ret' => 0x6fe1f727,
# 'DisableNX' => 0x6fe216e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Swedish (NX)',
# {
# 'Ret' => 0x597af727,
# 'DisableNX' => 0x597b16e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna run around and desert you."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP2 Turkish (NX)',
# {
# 'Ret' => 0x5a78f727,
# 'DisableNX' => 0x5a7916e2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Arabic (NX)',
# {
# 'Ret' => 0x6fd8f807,
# 'DisableNX' => 0x6fd917c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna make you cry."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)',
# {
# 'Ret' => 0x5860f807,
# 'DisableNX' => 0x586117c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Chinese - Simplified (NX)',
# {
# 'Ret' => 0x58fbf807,
# 'DisableNX' => 0x58fc17c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna say goodbye."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Chinese - Traditional (NX)',
# {
# 'Ret' => 0x5860f807,
# 'DisableNX' => 0x586117c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Czech (NX)',
# {
# 'Ret' => 0x6fe1f807,
# 'DisableNX' => 0x6fe217c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
# Live line among the commented-out filler: prints one lyric, nothing else.
printf '%s\n' "Never gonna tell a lie and hurt you."
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Danish (NX)',
# {
# 'Ret' => 0x5978f807,
# 'DisableNX' => 0x597917c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 German (NX)',
# {
# 'Ret' => 0x6fd9f807,
# 'DisableNX' => 0x6fda17c2,
# 'Scratch' => 0x00020408
# }
# ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
#
# # NX bypass for XP SP2/SP3
# [ 'Windows XP SP3 Greek (NX)',
# {
# Closing message: tells the person who ran the script that it was a decoy and
# prints the link to the author's write-up. Output only; nothing is fetched.
printf '%s\n' "[!] You should have read the source. HoneyPoC 3.0 - https://blog.zsec.uk/cve-2020-1350-honeypoc/"