From f8b85ea84074bae646ac70ee68bdd755fc94c622 Mon Sep 17 00:00:00 2001 From: Dmitriy Shafranskiy Date: Tue, 21 Jan 2020 08:52:57 +0100 Subject: [PATCH 1/2] changed phrasing on External folder --- activemq/CVE-2015-5254/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/activemq/CVE-2015-5254/README.md b/activemq/CVE-2015-5254/README.md index 00a0fb6842..b566c50805 100644 --- a/activemq/CVE-2015-5254/README.md +++ b/activemq/CVE-2015-5254/README.md @@ -28,7 +28,7 @@ The exploit process is as follows: 2. send payload to port 61616 3. Access the web management page and read the serialization messages, then u can trigger vulnerability. -To exploit this environment we will use [jmet](https://github.com/matthiaskaiser/jmet) (Java Message Exploitation Tool). First download the jar file of jmet, and create an external folder in the same directory (otherwise it may occur the error that the folder does not exist). +To exploit this environment we will use [jmet](https://github.com/matthiaskaiser/jmet) (Java Message Exploitation Tool). First download the jar file of jmet, and create folder called __`external`__ in the same directory (otherwise it may occur the error that the folder does not exist). the jmet is to use ysoserial to generate Payload and send it (the jar comes with ysoserial, we don't no need to download it again), so we need to choose one that can be used in ysoserial as the gadget, such as ROME. 
@@ -52,4 +52,4 @@ Replace the command with a reverse shell statement and reuse it: ![](4.png) -It's worth noting that accessing messages through the web administration page and triggering the vulnerability requires administrator privileges. In the absence of password, we can induce administrator visit our link to trigger, or disguised as legitimate messages from other services need to wait for client access when triggered. \ No newline at end of file +It's worth noting that accessing messages through the web administration page and triggering the vulnerability requires administrator privileges. In the absence of password, we can induce administrator visit our link to trigger, or disguised as legitimate messages from other services need to wait for client access when triggered. From 6aad82167ea9720f6051d007de647608795fee82 Mon Sep 17 00:00:00 2001 From: Dmitriy Shafranskiy Date: Tue, 21 Jan 2020 15:47:50 +0100 Subject: [PATCH 2/2] updated highlighting for external folder --- activemq/CVE-2015-5254/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/activemq/CVE-2015-5254/README.md b/activemq/CVE-2015-5254/README.md index b566c50805..9023b5bc8f 100644 --- a/activemq/CVE-2015-5254/README.md +++ b/activemq/CVE-2015-5254/README.md 
@@ -28,7 +28,7 @@ The exploit process is as follows: 2. send payload to port 61616 3. Access the web management page and read the serialization messages, then u can trigger vulnerability. -To exploit this environment we will use [jmet](https://github.com/matthiaskaiser/jmet) (Java Message Exploitation Tool). First download the jar file of jmet, and create folder called __`external`__ in the same directory (otherwise it may occur the error that the folder does not exist). +To exploit this environment we will use [jmet](https://github.com/matthiaskaiser/jmet) (Java Message Exploitation Tool). First download the jar file of jmet, and create folder called **external** in the same directory (otherwise it may occur the error that the folder does not exist). the jmet is to use ysoserial to generate Payload and send it (the jar comes with ysoserial, we don't no need to download it again), so we need to choose one that can be used in ysoserial as the gadget, such as ROME.
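Review bot: In the first hunk of PATCH 1/2 (@@ -28,7 +28,7), the added line reads "create folder called __`external`__", which drops the article and wraps inline code in bold markers. "create a folder called `external`" would read correctly and render the literal directory name the way the rest of the README renders literals. The parenthetical on the same line, "otherwise it may occur the error that the folder does not exist", could become "otherwise an error may occur because the folder does not exist". The unchanged context line after it still carries "we don't no need to download it again", which could be fixed in the same pass.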
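Review bot: In the second hunk of PATCH 1/2 (@@ -52,4 +52,4), the removed and added lines differ only by the newline at end of file, which the subject "changed phrasing on External folder" does not mention. Either note the whitespace fix in the commit message or move it to its own commit so the history matches the change. Since the line is touched anyway, its wording ("In the absence of password, we can induce administrator visit our link to trigger") is still hard to parse and could be cleaned up here.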
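Review bot: In PATCH 2/2 (@@ -28,7 +28,7), replacing __`external`__ with **external** removes the code formatting from a literal directory name that the reader has to create exactly as written, so plain backticks (`external`) would be clearer than bold. The added line also still reads "create folder called" without the article. This commit rewrites the same line that PATCH 1/2 introduced, so the two could be squashed into a single commit.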