CVE-2019-3980 PoC — Solarwinds Dameware Mini Remote Control agent input validation error vulnerability

Associated Vulnerability
Title: Solarwinds Dameware Mini Remote Control agent input validation error vulnerability (CVE-2019-3980)
Description: The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication, which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
Readme
# CVE-2019-3980

This repo was created to utilize the Nessus POC with a custom C# executable to run commands on a remote host and get the output of the command.

The python file is used to start a web server, execute the exploit, and then get the results over the web server.
The C# exe is uploaded through the exploit to the target.
When executed on the target, the exe calls back to the IP/Port specified to get the command to run (path is /cmd).
Once the command finishes, the exe sends the output to the same webserver.
Sending the output is done through a GET request that will generate a 404, but that's fine; we just want the base64 data.

The C# exe has two variables that need to be updated. These variables reference the attacking system's IP and port:

```csharp
string ip = "10.8.0.3";
string port = "8000";
```

If the port is updated, the python script needs to be updated as well; the variable for the HTTP server's listening port in the python script is:

```python
PORT = 8000
```

The directory the script is launched from needs to contain the file to upload as well as a file called "cmd" which contains the Windows commands you want to run.

To use this script:

1. Update the variables
2. Create the cmd file with the commands to run on the vulnerable host
3. Compile the C# solution contained in the zip file
4. Run the python script:

```
python dameware-poc.py -t target_ip -e executable_to_upload
```

The example below runs the net users command on the remote host.

![Alt text](/dameware-poc1.png?raw=true&sanitize=true)

![Alt text](/dameware-poc2.png?raw=true&sanitize=true)
File Snapshot

```
/data/pocs/478758e32b7486a51f67d7111be59ee1a6f41ce9  [4.0K]
├── dameware-poc1.png  [ 35K]
├── dameware-poc2.png  [ 45K]
├── dameware-poc.py    [ 13K]
├── Exec.zip           [ 16K]
└── README.md          [1.6K]

0 directories, 5 files
```