CVE-2018-2628 #9

Open
syrius01 opened this issue Apr 19, 2018 · 5 comments

@syrius01

Hi kkirsche!

This issue is not really an issue but I was wondering if you plan to add support for CVE-2018-2628 to the tools on this repository that you shared with the community? I'm asking since it's the best tool I've found yet, really enjoy the way it's made :)

Thank you for your time!

@kkirsche
Owner

Hm, that sounds interesting. Let me take a look at it and see if I can put something together for it.

@syrius01
Author

Yes, the CVSS score is high (9.8/10), looks very critical. So far all the PoCs I've found are only for detecting if the server is vulnerable, with no way to verify if we can execute remote code on the potentially vulnerable server.

@syrius01
Author

Hi kkirsche!

Update: so far I am able to proceed with the handshake and send the payload, but I'm having issues getting the reverse shell, probably because I didn't create the payload the proper way to get a reverse shell with ysoserial.

Did you have any luck on your side?

Thanks!

@kkirsche
Owner

kkirsche commented May 3, 2018

I've been able to get it to work relatively reliably but hate having to rely on ysoserial, so the time-consuming part has been getting an easy conversion tool in place to build the final payload. I hope to have something for this, but I'm not sure if that's a realistic goal. I just hate having to install and run Java stuff like ysoserial.

@syrius01
Author

syrius01 commented May 4, 2018

That would be great if it could work without ysoserial, but I would also be very happy to find out why I'm not getting the reverse shell. Maybe the way I've generated the payload is wrong. Can I ask which syntax you used to generate your payload in order to obtain the reverse shell?
