KitPloit (KITPLOIT:9079806502812490909)
Mar 14, 2017 - 5:30 p.m.

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

2017-03-14 17:30:00
www.kitploit.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 10
Confidence: High

EPSS: 0.975
Percentile: 100.0%

Telegram bot to manage botnets created with the Struts vulnerability (CVE-2017-5638)

Dependencies

pip install -r requeriments.txt  

Config

Create a Telegram bot and save the API token in config/token.conf
Create a Telegram group and save the group id in config/group.conf

Start
python strutszeiro.py

Telegram Usage

/add url - test vulnerability and add the new server
/exploit url *cmd - execute commands in a specific server (you need to use the * character)
/botnet cmd - execute commands in all servers
/list - show all servers in botnet
/total - show total of servers in botnet

Thanks to @btamburi
