Author: Rednofozi, Published: 01-11-2018
Hack server with apache struts exploit
After a while, a new and sensitive bug has again appeared in Apache Struts.
A new vulnerability has been discovered in the Apache Struts service; it is of the RCE (Remote Code Execution) type.
This security hole is in versions 2.3 to 2.3.34 and 2.5-184.108.40.206
To secure the server, be sure to update it to the latest version.
This vulnerability can be used in a variety of ways, but in this tutorial we introduce two tools that are easy to use.
Server hacking tutorial: the first method
First, make sure Python 2 or 3 is installed on the system from which you want to test the exploit, because the tool is written in Python.
Download the tool from the download section at the bottom of the page. To download it as a folder on your Linux system, use the following command:
git clone link
Then enter the downloaded folder with the following command, which is the main tool
To check whether a site is vulnerable to this vulnerability, enter its address as shown below:
python3 struts-pwn.py -url https://site.com/struts2-showcase/index.action
If you want to check multiple websites at the same time, save their addresses in a file and pass that file to the program as a list:
python3 struts-pwn.py -list list-site.txt
Use the following command to exploit this vulnerability:
python3 struts-pwn.py -exploit -url 'https://site.com/struts2-showcase/index.action' -c id
Second method: the second tool
The other tool we introduce uses the vulnerabilities with the following identifiers
First download the tool from the download section
git clone link
Then enter the downloaded folder
Now run the tool with the following command
Once the tool is running, you do not need to pass switches; each option you want to use is available from within the tool.
Enter the link of the site you want into the running tool, and it will run the exploit if there is a vulnerability.
You will then have full remote access and can execute your commands on the site's server.
The second tool introduced is a relatively simpler way to hack the server, but the second tool gives you more options.
Your choice depends on your type of work. To protect against this security hole, be sure to update all installed server packages.
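For the update advice above, a defender-side inventory check, added here as an example and not part of the original tutorial or of either tool: it walks a directory tree for `struts2-core-<version>.jar` files and flags versions inside the range this page states (2.3 to 2.3.34). The 2.5 range is garbled on this page, so its bounds are left for you to add from the vendor advisory; the function names and the sample tree are constructed.

```python
import os
import re
import tempfile

# Inclusive (low, high) version ranges to flag.
# 2.3 to 2.3.34 is the range stated on this page. The page's 2.5 range is
# garbled, so it is deliberately NOT filled in: append it from the vendor advisory.
AFFECTED_RANGES = [((2, 3), (2, 3, 34))]

# Standard Maven artifact naming for the Struts 2 core library.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    """'2.3.16.3' -> (2, 3, 16, 3)"""
    return tuple(int(part) for part in text.split("."))

def _pad(version, width=4):
    # Pad with zeros so (2, 3) compares equal to (2, 3, 0, 0).
    return tuple(version) + (0,) * (width - len(version))

def is_affected(version, ranges=AFFECTED_RANGES):
    return any(_pad(lo) <= _pad(version) <= _pad(hi) for lo, hi in ranges)

def find_struts_jars(root, ranges=AFFECTED_RANGES):
    """Return sorted (path, version, affected) for every Struts core jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            match = JAR_RE.match(name)
            if match:
                version = parse_version(match.group(1))
                path = os.path.join(dirpath, name)
                findings.append((path, version, is_affected(version, ranges)))
    return sorted(findings)

def demo():
    # Constructed sample tree: empty files that only carry the jar names.
    sample = ["app1/WEB-INF/lib/struts2-core-2.3.34.jar",
              "app2/WEB-INF/lib/struts2-core-2.3.35.jar",
              "app3/WEB-INF/lib/commons-io-2.6.jar"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path))
            open(path, "w").close()
        return [(os.path.relpath(p, root), v, hit) for p, v, hit in find_struts_jars(root)]

if __name__ == "__main__":
    for path, version, hit in demo():
        print("AFFECTED" if hit else "ok      ", ".".join(map(str, version)), path)
```

A filename scan misses Struts copies packed inside WAR archives or shaded into other jars, so treat a clean result as a starting point for the inventory.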
The first tool