Lucene search
KitPloitKITPLOIT:9079806502812490909HistoryMar 14, 2017 - 5:30 p.m.
strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)
2017-03-1417:30:00
www.kitploit.com
360
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)
Dependencies
pip install -r requeriments.txt
Config
Create a telegram bot, save the API token in config/token.conf
Create a telegram group, save the group id in config/group.conf
Start
python strutszeiro.py
Telegram Usage
/add url - test vulnerability and add the new server
/exploit url *cmd - execute commands in a specific server (you need to use the * caracter)
/botnet cmd - execute commands in all servers
/list - show all servers in botnet
/total - show total of servers in botnet
Thanks to @btamburi
References
Related
lenovo
lenovo
Apache Struts Open Source Framework Remote Code Execution - us
2017-06-09 00:00:00
ibm
ibm
hackerone
hackerone
U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website
2017-03-13 13:22:29
U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website
2017-03-13 04:14:12
U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website
2017-03-09 17:59:08
krebs
krebs
Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop
2017-09-14 18:03:12
qualysblog
qualysblog
The Sky Is Falling! Responding Rationally to Headline Vulnerabilities
2018-04-19 23:00:03
How To Prioritize Vulnerabilities in a Modern IT Environment
2018-05-07 16:00:10
f5
f5
K43451236 : Apache Struts 2 vulnerability CVE-2017-5638
2017-03-09 00:00:00
atlassian
atlassian
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:31:09
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:57:51
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
2017-03-10 04:31:09
openvas
openvas
Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability
2017-03-14 00:00:00
VMSA-201-0004: vRealize Operations (vROps) Remote Code Execution Vulnerability Via Apache Struts 2
2017-03-31 00:00:00
Atlassian Bamboo Struts2 RCE Vulnerability
2017-03-15 00:00:00
myhack58
myhack58
osv
osv
CVE-2017-5638
2017-03-11 02:59:00
thn
thn
UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
2018-09-20 13:54:00
New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild
2017-03-09 01:03:00
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
2023-12-15 05:25:00
threatpost
threatpost
Attacks Heating Up Against Apache Struts 2 Vulnerability
2017-03-09 12:25:46
Equifax Says 2.4 Million More People Impacted By Massive 2017 Breach
2018-03-02 15:12:57
Equifax to Pay $700 Million in 2017 Data Breach Settlement
2019-07-22 14:31:39
saint
saint
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
Apache Struts 2 Jakarta Multipart Parser file upload command execution
2017-03-16 00:00:00
kitploit
kitploit
struts-pwn - An exploit for Apache Struts CVE-2017-5638
2017-03-14 13:34:00
Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
2018-08-26 21:14:00
nessus
nessus
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)
2017-03-08 00:00:00
Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)
2017-03-07 00:00:00
Apache Struts 2 RCE (CVE-2017-5638) (deprecated)
2017-04-12 00:00:00
packetstorm
packetstorm
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
2017-03-10 00:00:00
Apache Struts Jakarta Multipart Parser OGNL Injection
2017-03-14 00:00:00
canvas
canvas
Immunity Canvas: STRUTS_OGNL
2017-03-11 02:59:00
malwarebytes
malwarebytes
Equifax breach: What you need to know [updated]
2017-09-08 07:02:47
seebug
seebug
S2-046: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
2017-03-21 00:00:00
S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
2017-03-06 00:00:00
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
vmware
vmware
trendmicroblog
trendmicroblog
Linux is secure…right?
2017-06-15 19:00:13
Sound, Fury, And Nothing One Year After Equifax
2018-09-07 12:00:34
securelist
securelist
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
2023-12-14 13:00:40
cisco
cisco
checkpoint_advisories
checkpoint_advisories
Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)
2017-03-07 00:00:00
Apache Struts 2 Content-Disposition Remote Code Execution (CVE-2017-5638)
2017-08-09 00:00:00
rapid7community
rapid7community
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
2017-03-15 14:29:55
impervablog
impervablog
Clustering App Attacks with Machine Learning Part 3: Algorithm Results
2018-06-19 22:41:03
redhatcve
redhatcve
CVE-2017-5638
2017-03-08 11:53:37
prion
prion
Design/Logic Flaw
2017-03-11 02:59:00
attackerkb
attackerkb
CVE-2017-5638
2017-03-11 00:00:00
CVE-2019-0230
2020-09-14 00:00:00
ubuntucve
ubuntucve
CVE-2017-5638
2017-03-11 00:00:00
cve
cve
CVE-2017-5638
2017-03-11 02:59:00
zdt
zdt
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution Exploit
2017-03-12 00:00:00
Apache Struts Jakarta Multipart Parser OGNL Injection Exploit
2017-03-15 00:00:00
cert
cert
Apache Struts 2 is vulnerable to remote code execution
2017-03-14 00:00:00
huawei
huawei
github
github
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
2018-10-18 19:24:26
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
nuclei
nuclei
Apache Struts 2 - Remote Command Execution
2020-08-19 13:13:31
veracode
veracode
Remote Code Execution (RCE) Through Jakarta Multipart Parser
2017-03-09 12:39:55
cloudfoundry
cloudfoundry
CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry
2017-03-14 00:00:00
talosblog
talosblog
2017 in Snort Signatures.
2018-01-29 11:37:00
Another Apache Struts Vulnerability Under Active Exploitation
2017-09-07 15:42:00
pentestit
pentestit
UPDATE: Infection Monkey 1.6.1
2018-12-03 22:28:53
JexBoss: Java Deserialization Verification & EXploitation Tool!
2017-08-11 06:52:45
nmap
nmap
http-vuln-cve2017-5638 NSE Script
2017-03-10 17:53:45
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Related for KITPLOIT:9079806502812490909