Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/typicalmodmaker/cve-2024-4956

Proof-Of-Concept (POC) for CVE-2024-4956
https://github.com/typicalmodmaker/cve-2024-4956

cve cve-2024-4956 exploit poc proof-of-concept proofofconcept vulnerability

Last synced: about 2 months ago
JSON representation

Proof-Of-Concept (POC) for CVE-2024-4956

Host: GitHub
URL: https://github.com/typicalmodmaker/cve-2024-4956
Owner: TypicalModMaker
Created: 2024-05-28T21:20:53.000Z (7 months ago)
Default Branch: main
Last Pushed: 2024-05-29T07:37:15.000Z (7 months ago)
Last Synced: 2024-05-30T13:46:53.835Z (7 months ago)
Topics: cve, cve-2024-4956, exploit, poc, proof-of-concept, proofofconcept, vulnerability
Language: Python
Homepage:
Size: 45.9 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Servers vulnerable to [CVE-2024-4956](https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16)

Nexus Repository Manager 3 Unauthenticated Path Traversal

Servers running on the nexus docker image are excluded 

all-servers-from-shodan.txt - list of all sonatype nexus servers on shodan\

all-servers-vulnerable.txt - list of all vulnerable sonatype nexus servers that are vulnerable\

all-servers-running-as-root-vulnerable.txt - list of all vulnerable sonatype nexus servers that are being ran as root

check-vulnerable-servers.py - checks if /etc/passwd exists from all-servers-from-shodan.txt\

check-root-servers.py - checks if /etc/shadow exists from all-servers-from-shodan.txt\

check-private_keys.py - checks for common private key paths on root from all-servers-running-as-root-vulnerable.txt and tries to ssh as root with found keys