POC详情: 55899905085f90a50e9029f455445ae8f9bdba68

来源
https://github.com/fin3ss3g0d/CVE-2024-5764
关联漏洞
标题: Sonatype Nexus Repository 安全漏洞 (CVE-2024-5764)
描述:Sonatype Nexus Repository是美国Sonatype公司的一款存储库管理器,它主要用于管理、存储和分发软件等。 Sonatype Nexus Repository 3.0.0版本到3.72.0版本存在安全漏洞,该漏洞源于使用硬编码凭据。
描述
CVE-2024-5764 exploitation script
介绍
# CVE-2024-5764

This repository contains a Python script capable of exploiting [CVE-2024-5764](https://www.cve.org/CVERecord?id=CVE-2024-5764) by decrypting encrypted data with the static encryption key. Sonatype announcement available [here](https://support.sonatype.com/hc/en-us/articles/34496708991507-CVE-2024-5764-Nexus-Repository-Manager-3-Static-hard-coded-encryption-passphrase-used-by-default-2024-10-17).

## Usage

```
usage: cve-2024-5764.py [-h] [-e ENCRYPTED_PAYLOAD] [-p PASSPHRASE]

Decrypt data encrypted by the Java PasswordCipher class (CVE-2024-5764).

options:
  -h, --help            show this help message and exit
  -e ENCRYPTED_PAYLOAD, --encrypted_payload ENCRYPTED_PAYLOAD
                        Base64 encoded encrypted payload.
  -p PASSPHRASE, --passphrase PASSPHRASE
                        Passphrase used to decrypt the payload.
```

## Disclaimer

This program is intended for legitimate and authorized purposes only. The author holds no responsibility or liability for misuse of this project.
文件快照

 [4.0K]  /data/pocs/55899905085f90a50e9029f455445ae8f9bdba68
├── [2.1K]  cve-2024-5764.py
├── [1.0K]  LICENSE.md
├── [1.0K]  README.md
└── [  13]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。