关联漏洞
描述
CVE-2024-5764 exploitation script
介绍
# CVE-2024-5764
This repository contains a Python script capable of exploiting [CVE-2024-5764](https://www.cve.org/CVERecord?id=CVE-2024-5764) by decrypting encrypted data with the static encryption key. Sonatype announcement available [here](https://support.sonatype.com/hc/en-us/articles/34496708991507-CVE-2024-5764-Nexus-Repository-Manager-3-Static-hard-coded-encryption-passphrase-used-by-default-2024-10-17).
## Usage
```
usage: cve-2024-5764.py [-h] [-e ENCRYPTED_PAYLOAD] [-p PASSPHRASE]
Decrypt data encrypted by the Java PasswordCipher class (CVE-2024-5764).
options:
-h, --help show this help message and exit
-e ENCRYPTED_PAYLOAD, --encrypted_payload ENCRYPTED_PAYLOAD
Base64 encoded encrypted payload.
-p PASSPHRASE, --passphrase PASSPHRASE
Passphrase used to decrypt the payload.
```
## Disclaimer
This program is intended for legitimate and authorized purposes only. The author holds no responsibility or liability for misuse of this project.
文件快照
[4.0K] /data/pocs/55899905085f90a50e9029f455445ae8f9bdba68
├── [2.1K] cve-2024-5764.py
├── [1.0K] LICENSE.md
├── [1.0K] README.md
└── [ 13] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。