Serialator
Python script to exploit CVE-2015-4852.
Install / Use
/learn @roo7break/SerialatorREADME
serialator
Python script to exploit CVE-2015-4852.
Description
During a recent engagement, I found that Nessus was now actively exploiting vulnerabilities for confirmation. When I checked the associated nasl script I found that the payload was generic enough to be used on a standalone script. Hence, I collected the payloads from all the nasl scripts that were part of the same RCE vulnerability (but for separate applications) and wrapped them with Python magic. Next time you see a vulnreable application, use this script.
Changelog:
- Update 29/02/2016 ** Initial commit. Ready for testing.
Author
Nikhil Sreekumar (@roo7break)
Target applications
- Websphere
- JBoss
- OpenNMS
- Symantec Endpoint Protection Manager
Included scripts
- serialator.py - Main exploit script
- ICMPListener.py - To setup a ICMP listener using scapy. Used alongside serialator.py for testing if target is vulnerable or not.
Code details
- Python3 No additional packages required
What next
- Incorporate ysoserial.jar or its payload generation
- Threaded exploiter - Weapon of mass exploitation :D
- Automated testing
Related Skills
node-connect
347.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
108.7kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
347.9kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
347.9kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
