1
1
Fork
You've already forked Spiff-Combined
0
DISCLAIMER: I am not the creator of either CVE, all credit goes to Watchtower and Immersive Labs for the respective CVE work. I just smashed their code together like some child playing with action figures and it happened to work. --- Quick tool I made that combines the PoC Code for CVE-2025-54309 and CVE-2025-31161 that checks for the race condition vulnerability, creates the backdoor "spiff" user, and pulls a list of users from the instance.
  • Python 100%
2025年09月11日 10:29:14 -04:00
crushSpiffMod.py First Commit. Sending python file. 2025年09月11日 10:26:29 -04:00
LICENSE Initial commit 2025年09月11日 16:14:51 +02:00
README.md Updating README with links to original PoCs. 2025年09月11日 10:29:14 -04:00

Spiff-Combined

DISCLAIMER: I am not the creator of either CVE, all credit goes to Watchtower and Immersive Labs for the respective CVE work. I just smashed their code together like some child playing with action figures and it happened to work.

Watchtower: https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309/

Immersive Labs: https://github.com/Immersive-Labs-Sec/CVE-2025-31161


Quick tool I made that combines the PoC Code for CVE-2025-54309 and CVE-2025-31161 that checks for the race condition vulnerability, creates the backdoor "spiff" user, and pulls a list of users from the instance.