<h4 align="center">Simplest and most reliable RichFaces Paint2DResource CVE-2018-12533 RF-14310 exploit</h4>
<p align="center">
<a href="#installation-instructions">Installation</a> •
<a href="#usage">Usage</a> •
<a href="#running-paint2die">Running Paint2Die</a>
</p>
---
# Installation Instructions
```sh
git clone https://github.com/LucasKatashi/paint2die.git
cd paint2die
chmod +x paint2die.py
pip install -r requirements.txt
```
# Usage
```sh
./paint2die.py -h
```
This will display help for the tool. Here are all the switches it supports.
```console
Usage:
./paint2die [flags]
_____ _ _ ___ ____ _
| _ |___|_|___| |_|_ | \|_|___
| __| .'| | | _| _| | | | -_|
|__| |__,|_|_|_|_| |___|____/|_|___|
by: Lucas Katashi
usage: paint2die.py [-h] -t TARGET [-c COMMAND] [-r REVERSE] [-s]
paint2die.py: error: the following arguments are required: -t/--target
RichFaces CVE-2018-12533 RF-14310 exploit

options:
  -h, --help            show this help message and exit
  -t, --target TARGET   URL of RichFaces application, i.e:
                        http://example.com/app/a4j/g/3_3_3.Final
  -c, --command COMMAND
                        Command to execute
  -r, --reverse REVERSE
                        IP:PORT for reverse shell
  -s, --silence         Silence output
```
## References
- https://web.archive.org/web/20211118021323/https://www.lucifaer.com/2018/12/05/RF-14310%EF%BC%88CVE-2018-12533%EF%BC%89%E5%88%86%E6%9E%90/

Repository file listing:

```
[4.0K] /data/pocs/d6bd01505fab6e4a20d5d6a81dfea218eef531ac
├── [1.1K] LICENSE.md
├── [2.6K] paint2die.py
├── [3.8K] pom.xml
├── [1.5K] README.md
├── [  29] requirements.txt
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] cve_2018_12533
        │       └── [4.5K] Main.java
        └── [4.0K] python
            ├── [4.0K] core
            │   ├── [ 368] checkDocker.py
            │   ├── [ 607] checkSdkman.py
            │   ├── [1.8K] generateJar.py
            │   ├── [ 833] generatePayload.py
            │   ├── [ 254] generateReverse.py
            │   ├── [ 395] installSdkman.py
            │   └── [ 576] sendPayload.py
            └── [4.0K] ui
                └── [ 397] printBanner.py

8 directories, 14 files
```