CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/multi/misc/weblogic_deserialize_badattrval.md
Views: 1904
Vulnerable Application
There exists a Java object deserialization vulnerability in multiple versions of WebLogic.
Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
This module has been tested against versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.4.0.
WebLogic versions can be downloaded from here.
Installation
Some version of Java 8 JDK is required to be installed on the server. This module has been tested successfully using jdk8u202 and jdk8u251.
Installation instructions for WebLogic can be found here.
On step 10 of the installation instructions, keep the Run Quickstart box checked and click done. A new window should pop up. Select Create a new domain -> next. Ensure Basic WebLogic Server Domain is selected and click next. Create credentials and select next. Domain mode can be either Production or Development, then click next. Click next again and select Create. Click next a couple more times, then click finish.
To start WebLogic, execute the startWebLogic script in Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/.
Verification Steps
Install the application
Start msfconsole
Do:
use exploit/multi/misc/weblogic_deserialize_badattrvalDo:
set RHOSTS <ip>Do:
runYou should get a meterpreter session.