F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB

Overview

CVE-2022-1388

F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF.

Included

  • Scan a single target
  • Scan many targets
  • Exploit with a shell

JDK 11 is required only for the JAR file. If you don't have a JDK, you can run the native Linux executable instead (it is faster).

Setup LAB

  • You can find the lab Here

Download

  • Download the Windows executable file Here
  • Download the JAR file Here
  • Download the native executable for Linux (x86_64) Here

Run

`user# java -jar CVE2022-1388.jar help`
or
`user# CVE2022-1388.exe help`
or
`user# ./exec help`

Output:
Scan a single target: `java -jar cve-2022-1388.jar scheck`
Scan targets from a file: `java -jar cve-2022-1388.jar mcheck`
Exploit a target: `java -jar cve-2022-1388.jar exploit`

Author

Zeyad Azima

Contrib

Morad Abdelrasheed (Further updates soon)

Owner
Zer0verflow
Offensive Person, who is playing around the core of the 7 layers to build the 0Day Empire.