Giter Club home page Giter Club logo

Comments (9)

benichmt1 avatar benichmt1 commented on May 26, 2024

@braimee
If you're just doing it for a demo, here's a Metasploit module that should be easier to set up.
https://github.com/rapid7/metasploit-framework/pull/7768?utm_content=43350703&utm_medium=social&utm_source=twitter

from exploit-cve-2016-10033.

7MinSec avatar 7MinSec commented on May 26, 2024

Thanks @benichmt1 , I appreciate that. I'll look into it. Just moments before receiving your reply I tried https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html and mirroring this setup worked tenaciously. So I'm good to go with my PoC for the talk. Thanks again!

from exploit-cve-2016-10033.

avatar commented on May 26, 2024

@braimee Hello there! I do the steps and your almost, but that is unsuccessful! Would like to ask what you have done a successful operation of the key! Thank you!

from exploit-cve-2016-10033.

7MinSec avatar 7MinSec commented on May 26, 2024

Hi @wpaisk can you be a bit more specific on your issue? I basically went to http://pwnscriptum.com/, downloaded the sample vulnerable contact form and staged it on a local VM, then attacked using the exploit.

from exploit-cve-2016-10033.

avatar commented on May 26, 2024

@braimee what i've done:

  1. Copy all files to kali under / var / www / html /
  2. Download the exploit file: PwnScriptum_RCE_exploit.py
  3. The use of loopholes, being given
  4. The specific error is: [!] Something went wrong ... Got error: [404]
    Try another dir? Push through, do not give up! :) and the cache file could not create!

from exploit-cve-2016-10033.

avatar commented on May 26, 2024

@braimee I have tried several virtual machines, but seemingly not! Can not create cache file

from exploit-cve-2016-10033.

7MinSec avatar 7MinSec commented on May 26, 2024

@wpaisk sorry for the delay, I'll be spinning up this VM again today and will look further at my config and post more details.

from exploit-cve-2016-10033.

7MinSec avatar 7MinSec commented on May 26, 2024

Ok so my test vulnerable VM has the attached page served up in Apache root. Note I uncommented this line:

require 'PHPMailer-5.2.17/PHPMailerAutoload.php';

Then, in /var/www/html I have the PHPMailer-5.2.17 folder, which the index.html references. That's about it. Does that help?

from exploit-cve-2016-10033.

opsxcq avatar opsxcq commented on May 26, 2024

@braimee you can open the Dockerfile and read it's contents, just execute that by hand in a Debian linux, and you will get the very same result.

from exploit-cve-2016-10033.

Related Issues (8)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.