During a recent engagement, I found that Nessus was now actively exploiting vulnerabilities for confirmation. When I checked the associated nasl script, I found that the payload was generic enough to be used in a standalone script. Hence, I collected the payloads from all the nasl scripts that were part of the same RCE vulnerability (but for separate applications) and wrapped them with Python magic.
Next time you see a vulnerable application, use this script.
Changelog:
Update 29/02/2016
Initial commit. Ready for testing.
Author
Nikhil Sreekumar (@roo7break)
Target applications
Websphere
JBoss
OpenNMS
Symantec Endpoint Protection Manager
Included scripts
serialator.py - Main exploit script
ICMPListener.py - Sets up an ICMP listener using scapy. Used alongside serialator.py to test whether the target is vulnerable.
Code details
Python3
No additional packages required
What next
Incorporate ysoserial.jar or its payload generation
Threaded exploiter - Weapon of mass exploitation :D