CVE-2019-7214 PoC — SmarterTools SmarterMail Code Issue Vulnerability

Associated Vulnerability
Title: SmarterTools SmarterMail Code Issue Vulnerability (CVE-2019-7214)
Description: SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Description
For CTF use only (this CVE-2019-7214 script also resolves the host from /etc/hosts)
Readme
# Windows Reverse Shell Exploit (PowerShell over TCP)

This Python script targets a vulnerable service running on a remote Windows machine. It sends a serialized .NET payload that launches a PowerShell-based reverse shell back to the attacker's machine.

# CVE-2019-7214

Remote Code Execution in .NET deserialization for the SmarterMail system.

---

## ⚙️ Configuration

Update the script’s configuration section to match your environment:

```python
HOSTNAME = 'hostname'       # Target hostname (resolved via /etc/hosts)
PORT = 9999                 # Target port listening for serialized input
LHOST = '192.168.45.185'    # Attacker IP (listener)
LPORT = 4444                # Attacker listening port
```

---

## 🧪 What It Does

- Resolves the target's hostname to an IP address.
- Constructs a PowerShell reverse shell command.
- Base64-encodes the command in UTF-16LE format.
- Appends it to a pre-built serialized .NET payload blob.
- Sends the payload over a TCP connection to the target.
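
For defenders: Base64 over UTF-16LE text is the format PowerShell's `-EncodedCommand` parameter expects, so process-creation logs can be decoded and triaged for this pattern. The following is an added example, not part of the original PoC or README; it assumes the command reaches PowerShell via `-EncodedCommand`, and the indicator list, function names and sample command lines are constructed for illustration.

```python
import base64
import binascii
import re

# Assumed indicator strings (not from the PoC) that suggest an outbound TCP shell.
INDICATORS = ("net.sockets.tcpclient", "getstream()", "invoke-expression")

# -EncodedCommand accepts abbreviated forms (-e, -enc, ...) and the alias -ec.
ARG_RE = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{8,}={0,2})(?=\s|$)")


def decode_encoded_command(cmdline):
    """Return the decoded script from a PowerShell command line, or None."""
    if "powershell" not in cmdline.lower():
        return None
    for flag, blob in ARG_RE.findall(cmdline):
        flag = flag.lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            return None  # malformed or truncated blob: nothing to inspect
    return None


def triage(cmdlines):
    """Return (index, decoded text, matched indicators) for suspicious lines."""
    hits = []
    for i, line in enumerate(cmdlines):
        text = decode_encoded_command(line)
        matched = [s for s in INDICATORS if text and s in text.lower()]
        if matched:
            hits.append((i, text, matched))
    return hits


def _enc(script):
    """Build a constructed sample blob the same way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process-creation command lines (not real telemetry).
SAMPLE = [
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "powershell.exe -NoP -enc " + _enc("Get-Date"),
    "powershell.exe -e " + _enc("New-Object System.Net.Sockets.TCPClient('192.0.2.10', 4444)"),
]

print(triage(SAMPLE))
```

Feed `triage()` the command-line field from Sysmon Event ID 1 or Windows Security Event 4688 records; only the third constructed line is flagged.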

---

## 🛠 Requirements

- Python 3.x
- Netcat or a similar tool listening on the attacker's port:
  ```bash
  nc -lvnp 4444
  ```

---

## 🚀 Usage

```bash
python3 CVE-2019-7214.py
```

If successful, you'll get a PowerShell prompt from the target on your listener.

---

## 🧼 Notes

- Make sure the target accepts serialized .NET input over the specified port.
- This script assumes the target can execute deserialized objects containing `System.Management.Automation` functionality.
- Be careful with spacing, encoding, and payload size – the PowerShell command is padded to exactly 1360 bytes to avoid corruption.

---

## ⚠️ Disclaimer

This script is provided for **educational purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.
File Snapshot

[4.0K] /data/pocs/a414032aaa851f72389667fcf59e3f6000c82ca6
├── [3.5K] CVE-2019-7214.py
└── [1.8K] README.md

0 directories, 2 files