# CVE-2025-0282: Remote Code Execution Vulnerability in [StorkS]

AnonStorks/CVE-2025-0282-Full-version

Storks: Remote Code Execution Vulnerability Exploitation Tool

Overview

Storks is a Python-based Proof-of-Concept (PoC) tool designed to demonstrate a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-0282, in a specific network appliance. This vulnerability can be exploited by sending a crafted POST request to a specific endpoint. This tool is intended for educational and research purposes only.

Disclaimer: Please note that using this tool on systems without proper authorization is illegal and unethical. We are not responsible for any damages or actions caused by misuse of this tool. Please use it responsibly and at your own risk.

Vulnerability Description

The /dana-na/auth/url_default/welcome.cgi endpoint is vulnerable to a buffer overflow, which can be exploited to achieve remote code execution by overwriting the return address on the stack. This allows the attacker to execute arbitrary shellcode, potentially leading to full control of the system. The exploit uses Return-Oriented Programming (ROP) to bypass ASLR and execute the shellcode correctly.

How to Use

  1. Prerequisites:

    • A working Python 3.6+ environment.
    • Libraries: requests, struct, socket, ssl, urllib3, pymongo, openai, bson and google-generativeai.
    • WSL (Windows Subsystem for Linux) is recommended for msfvenom.
    • A MongoDB server.
    • An OpenAI API key.
    • A reverse shell listener.
  2. Obtain Storks: To obtain the full Storks application and secure download link, please contact me on Telegram: @AnonStorks

  3. Set up a Listener: Configure your system to listen on the specified IP and port.

  4. Run the Exploit: After obtaining the code, you can execute the Storks application and follow the on-screen prompts.

    python exploit.py <target_ip>
    • Replace <target_ip> with the IP address of the vulnerable target.
  5. Wait for success or error: The code will attempt the exploit until it succeeds or until you stop it.

Technical Details

The exploit attempts to gain code execution by exploiting a buffer overflow vulnerability present in the /dana-na/auth/url_default/welcome.cgi endpoint. The code attempts to overwrite the return address and inject shellcode into the vulnerable process. The code uses the following steps:

  1. Connects to the target: The code first attempts to connect to the target system on port 443.
  2. Gets data from OpenAI: The code requests the system and exit addresses and shellcode from the OpenAI API.
  3. Generates payload: The code creates a partial-overwrite payload from the addresses returned by the OpenAI API and shellcode generated by msfvenom or OpenAI.
  4. Sends payload: The code sends the payload to the target system.
  5. Validates payload: The code checks for a specific pattern in the server's response and makes a connection back to the attacker IP and port.
  6. Tries again: The code repeats the steps above until the connection is successful.
  7. Saves results: After a successful connection, the results are stored in MongoDB.
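
The retry loop in steps 4 to 6 leaves a signal a defender can look for in access logs: repeated POSTs from one source to the endpoint named above. The following is an added detection example, not code from the Storks repository; it assumes combined-format access logs in chronological order, and the function names, threshold, window and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

ENDPOINT = "/dana-na/auth/url_default/welcome.cgi"  # endpoint named on this page
# Assumption: Apache/NGINX combined log format, lines in chronological order.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(target):
    """Strip the query string, percent-decode, collapse repeated '/' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def flag_retry_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each source to the time it first reached `threshold` POSTs to ENDPOINT
    within `window`. Threshold and window are assumptions; tune them to baseline."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or normalize(m["target"]) != ENDPOINT:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) >= threshold and m["src"] not in flagged:
            flagged[m["src"]] = ts
    return flagged

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2025:09:00:01 +0000] "POST /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 512',
    '203.0.113.20 - - [10/Jan/2025:09:00:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Jan/2025:09:00:05 +0000] "POST /dana-na//auth/url_default/welcome.cgi?x=1 HTTP/1.1" 500 0',
    '203.0.113.20 - - [10/Jan/2025:09:00:09 +0000] "POST /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Jan/2025:09:00:09 +0000] "POST /dana-na/auth/url_default/%77elcome.cgi HTTP/1.1" 500 0',
    '203.0.113.20 - - [10/Jan/2025:09:05:00 +0000] "POST /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for src, ts in flag_retry_bursts(SAMPLE).items():
        print(f"{src}: repeated POSTs to {ENDPOINT} by {ts.isoformat()}")
```

Normalizing the request path before comparison keeps encoded or doubled-slash variants of the same URL from slipping past the match; sources that post to the endpoint only occasionally stay below the threshold.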

Important Notes

  • The Storks application is provided for educational purposes only. Use at your own risk and responsibly.
  • Exploiting systems without authorization is illegal.
  • This is a very specific exploit and may not work in all cases or versions of the vulnerable target.
  • You can use the Storks application for testing and learning, but it must not be used for malicious purposes.
  • Do not attempt to use this tool on a system that you do not have explicit permission to test.

Disclaimer

The Storks application is provided "as is" without any warranty. The author is not responsible for any damages or illegal actions caused by the use of this code. Use responsibly and ethically.

Contributing

Contributions are welcome. Feel free to open pull requests or report issues.

Contact

For full code and secure download link, please contact me on Telegram: @AnonStorks
