An exploit for CVE-2012-2982 implemented in Rust

Related tags

Security tools rust exploit poc tryhackme cve-2012-2982
Overview

This PoC exploit for CVE-2012-2982 was written as an exercise for the "Intro to PoC scripting" Room on TryHackMe.

The room can be found here: https://tryhackme.com/room/intropocscripting

I was originally going to use Python to follow along, but decided to practice my Rust skills instead.

I also saw that nearly every single non-Metasploit implementation on Github was in Python, so I figured that bringing something new to the table might be fun.

Usage

Note: The program spawns a Netcat listener by default. If Netcat isn't in your path, or you want to run your own listener, run the program with the -d flag.

From Source (Rust and Cargo required):

# To get detailed info about arguments:
cargo run -- --help

# General command structure:
cargo run -- <rhost> <lhost> <username> <password> [options]

From Binary:

# To get detailed info about arguments:
./cve-2012-2982 --help

# General command structure:
./cve-2012-2982 <rhost> <lhost> <username> <password> [options]

Program defaults:

  1. rport=10000 (Webmin's default)
  2. lport=1337
  3. payload = generic bash tcp reverse shell
You might also like...
link is a command and control framework written in rust
link is a command and control framework written in rust

link link is a command and control framework written in rust. Currently in alpha. Table of Contents Introduction Features Feedback Build Process Ackno

null 427 Dec 24, 2022
CVEs for the Rust standard library

Rust CVE Preface This is a list of CVEs for unsound APIs in the Rust standard library. These bugs break Rust's memory safety guarantee and lead to sec

Yechan Bae 26 Dec 4, 2022
Rust bindings for VirusTotal/Yara

yara-rust Bindings for the Yara library from VirusTotal. More documentation can be found on the Yara's documentation. Example The implementation is in

null 43 Dec 17, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

foniod 1.5k Jan 1, 2023
Rust library for developing safe canisters.

IC Kit This library provides an alternative to ic-cdk that can help developers write canisters and unit test them in their Rust code. Install Add this

Psychedelic 26 Nov 28, 2022
MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.
MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust. MimiRust is a program based on the wdigest attack vector

Thotty 0 Nov 29, 2022
simple multi-threaded port scanner written in rust
simple multi-threaded port scanner written in rust

knockson simple multi-threaded port scanner written in rust Install Using AUR https://aur.archlinux.org/packages/knockson-bin/ yay -Syu knockson-bin M

Josh Münte 4 Oct 5, 2022
Rust TLS/SSL certificate expiration date from command-line checker

Rust TLS/SSL certificate expiration date from command-line checker

Jose Bovet Derpich 9 Nov 9, 2022
Lightweight slowloris (HTTP DoS) implementation in Rust.
Lightweight slowloris (HTTP DoS) implementation in Rust.

slowlorust Lightweight slowloris (HTTP DoS) implementation in Rust. Slowloris is a denial-of-service attack program which allows an attacker to overwh

Michael Van Leeuwen 6 Sep 29, 2022
Releases(v0.1.3)
Owner
Zach (Tas)
Cybersecurity enthusiast | Self-taught (newbie) programmer | Learning and grinding my way towards (hopefully) gainful employment in the former field.
Zach (Tas)
GitHub
Checks your files for existence of Unicode BIDI characters which can be misused for supply chain attacks. See CVE-2021-42574

BIDI Character Detector This tool checks your files for existence of Unicode BIDI characters which can be misused for supply chain attacks to mitigate

null 5 Aug 26, 2022
Example of CVE-2024-24576 use case.

CVE-2024-24576 PoC The Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process as-is

Frostb1te 51 Jul 3, 2024
💔 Heartbleed vulnerability exploit written in Rust

Heartbleed ?? Heartbleed vulnerability exploit written in Rust What is it Heartbleed is a buffer over-read vulnerability in outdated versions of OpenS

Gianmatteo Palmieri 4 May 23, 2023
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ Looking for maintainer: https://github.com/rust-secure-code/cargo-geiger/issues/210 A program that lists statistics related to the usa

Rust Secure Code Working Group 1.1k Jan 4, 2023
An esoteric language/compiler written with Rust and Rust LLVM bindings

MeidoLang (メイドラング) A not so useful and esoteric language. The goal of this project was to contain some quirky or novel syntax in a stack-style program

null 0 Dec 24, 2021
Rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.

Rust verification tools This is a collection of tools/libraries to support both static and dynamic verification of Rust programs. We see static verifi

null 253 Dec 31, 2022
Rust bindings for libinjection

libinjection-rs Rust bindings for libinjection. How to use Add libinjection to dependencies of Cargo.toml: libinjection = "0.2" Import crate: extern c

ArvanCloud 35 Sep 24, 2022
A simple password manager written in Rust

ripasso A simple password manager written in Rust. The root crate ripasso is a library for accessing and decrypting passwords stored in pass format (G

Joakim Lundborg 548 Dec 26, 2022
tcp connection hijacker, rust rewrite of shijack

rshijack tcp connection hijacker, rust rewrite of shijack from 2001. This was written for TAMUctf 2018, brick house 100. The target was a telnet serve

null 377 Jan 1, 2023
A fast, simple, recursive content discovery tool written in Rust.

A simple, fast, recursive content discovery tool written in Rust ?? Releases ✨ Example Usage ✨ Contributing ✨ Documentation ?? ?? What the heck is a f

epi 3.6k Dec 30, 2022