Python script to exploit CVE-2015-4852.# serialator
Python script to exploit CVE-2015-4852.
## Description
During a recent engagement, I found that Nessus was now actively exploiting vulnerabilities for confirmation. When I checked the associated nasl script I found that the payload was generic enough to be used on a standalone script. Hence, I collected the payloads from all the nasl scripts that were part of the same RCE vulnerability (but for separate applications) and wrapped them with Python magic.
Next time you see a vulnreable application, use this script.
## Changelog:
* Update 29/02/2016
** Initial commit. Ready for testing.
## Author
Nikhil Sreekumar (@roo7break)
## Target applications
* Websphere
* JBoss
* OpenNMS
* Symantec Endpoint Protection Manager
## Included scripts
* serialator.py - Main exploit script
* ICMPListener.py - To setup a ICMP listener using scapy. Used alongside serialator.py for testing if target is vulnerable or not.
## Code details
* Python3
No additional packages required
## What next
* Incorporate ysoserial.jar or its payload generation
* Threaded exploiter - Weapon of mass exploitation :D
* Automated testing
[4.0K] /data/pocs/77bc3e895f43217b9865730b4dd6d0d5345680e0
├── [1.7K] ICMPListener.py
├── [1.1K] README.md
└── [ 34K] serialator.py
0 directories, 3 files