Add module for Eclipse Equinoxe OSGi console RCE. #9554
This module takes advantage of OSGi consoles exposed by some Java-based middleware servers.
The OSGi console is a telnet-based server that can be used for remote debugging and dynamic loading/removal of Java bundles running on an OSGi based server.
Follow these steps to run the vulnerable application on a Linux host:
Follow these steps to run the vulnerable application on a Windows host:
If you don't want to go through all those steps manually I recommend you to run the setup script on a Linux host, mount the directory on a Windows VM and start from step 11.
You can verify the module against the vulnerable application with those steps:
TIME_WAIT - Time to wait for payload to be executed. The default value is set to 20 seconds.
Reverse shell on Linux host
Exploit running against a Ubuntu Linux target:
Reverse shell on Windows host
Exploit running against a Windows 7 target:
If you happen to know a good bypass to feed command stager to
The text was updated successfully, but these errors were encountered:
@sempervictus regarding protocol library,
What I could do though is use IAC constants from
OSGI Console on Debian 9.3 x64
OSGI Console on Windows 7 SP1 x64