It's RabbitMask

Intro

Listen to me Pls.

我已经快要忘记，
当初为何选择这个ID。
我不知道戴上面具的我，
会更加真实、亦或是虚伪。
我不知道伪装成我的我，
该忠于法则、亦或是道德。

RabbitMask！
初心还是信仰都不重要了,
这个面具至少会让我好受些。

skill

WEB渗透.

熟悉主流漏洞,熟悉主流工具,专注于漏洞挖掘自动化方向.

内网渗透.

包括但不限于MSF、CS,上可免杀过狗,下可投毒钓鱼.

代码审计.

熟悉主流代审工具与人工流程,包括Fortify、Seay等.

编程开发.

主专业软件开发方向,加持信安,更多刀具敬请期待.

语言基础.

PYTHON、JAVA
C/C++、PHP、HTML+JS+CSS
C#、Ruby、Go

NeverMore

情书吖

你可能会在许多地方见到'情书吖'这个ID，
哟，不用疑惑，也是兔纸本人了啦！

我们的故事，自此展开……

Hello!

Hello，I'm RabbitMask.

WeblogicScan.


__        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
			     |___/
			     By Tide_RabbitMask | V 1.3

Welcome To WeblogicScan !!!
Whoami：rabbitmask.github.io
Usage: python3 WeblogicScan [IP] [PORT]
[*]Console path is testing...
[+]The target Weblogic console address is exposed!
[+]The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
[+]Please try weak password blasting!
[*]CVE_2014_4210 is testing...
[+]The target Weblogic UDDI module is exposed!
[+]The path is: http://127.0.0.1:7001/uddiexplorer/
[+]Please verify the SSRF vulnerability!
[*]CVE_2016_0638 is testing...
[-]Target weblogic not detected CVE-2016-0638
[*]CVE_2016_3510 is testing...
[-]Target weblogic not detected CVE-2016-3510
[*]CVE_2017_3248 is testing...
[-]Target weblogic not detected CVE-2017-3248
[*]CVE_2017_3506 is testing...
[-]Target weblogic not detected CVE-2017-3506
[*]CVE_2017_10271 is testing...
[-]Target weblogic not detected CVE-2017-10271
[*]CVE_2018_2628 is testing...
[-]Target weblogic not detected CVE-2018-2628
[*]CVE_2018_2893 is testing...
[-]Target weblogic not detected CVE-2018-2893
[*]CVE_2018_2894 is testing...
[-]Target weblogic not detected CVE-2018-2894
[*]CVE_2019_2725 is testing...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2019-2725
[+]Your current permission is:  rabbitmask\rabbitmask
[*]CVE_2019_2729 is testing...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2019-2729
[+]Your current permission is:  rabbitmask\rabbitmask
[*]Happy End,the goal is 127.0.0.1:7001

download

Contact

简书
简书

FreeBuf
FreeBuf

GitHub
GitHub

点击前面那个小丢丢,欢迎各种站内私信骚扰.