Python script to exploit CVE-2015-4852.
During a recent engagement, I found that Nessus was now actively exploiting vulnerabilities for confirmation. When I checked the associated nasl script, I found that the payload was generic enough to be used in a standalone script. Hence, I collected the payloads from all the nasl scripts that were part of the same RCE vulnerability (but for separate applications) and wrapped them with Python magic. Next time you see a vulnerable application, use this script.
- Update 29/02/2016: Initial commit. Ready for testing.
Nikhil Sreekumar (@roo7break)
- WebSphere
- JBoss
- OpenNMS
- Symantec Endpoint Protection Manager
- serialator.py - Main exploit script
- ICMPListener.py - To set up an ICMP listener using scapy. Used alongside serialator.py for testing whether the target is vulnerable.
- Python3. No additional packages required
- Incorporate ysoserial.jar or its payload generation
- Threaded exploiter - Weapon of mass exploitation :D
- Automated testing