Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入
- 支持 Confluence 版本:CVE-2021-26084,CVE-2022-26134,CVE_2023_22515,CVE-2023-22527
- (如果对您有帮助,感觉不错的话,请您给个大大的 ⭐️❗️)
- 哥斯拉默认密码:pass ,默认key:key ,请求配置 - 协议头 需加上
Connection: close
- 冰蝎默认密码:rebeyond,默认UA:Accept-Language:zh-CN,zh;q=0.95,n-AS,fr-RF
- 只有 CVE-2022-26134 版本支持哥斯拉,冰蝎自定义密码,其他版本都是默认密码
V1.1版本
- 新增 CVE_2023_22515,用户创建,内存马注入,基于 CmdShell 的命令执行
- table 双击复制当前行,shell路径,key,ua
- 哥斯拉 memshell 地址:url+/plugins/servlet/com/atlassian/TeamManageServlet
- 哥斯拉默认密码:pass ,默认key:key ,请求配置 - 协议头 需加上
Connection: close
- CmdShell 地址:url+/plugins/servlet/com/atlassian/TeamManageServlet?team=whoami
- 创建用户
![image](https://private-user-images.githubusercontent.com/63742814/300168439-ced702d4-c8bf-4b97-bc2c-00e298b69d20.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjg0MzktY2VkNzAyZDQtYzhiZi00Yjk3LWJjMmMtMDBlMjk4YjY5ZDIwLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTZlZTRhYTliMTYxNGI1NmNlNDM2NWMxMzI0OWE4ZjJhYzQ5NGNlZWY0NTIzOTE2NjIzNmFkZThmOWIxNzkzNDImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.gQICLcZCEbYPahgfn7wNoCjVtif-GVbes0x323N0KP4)
- 成功创建
![image](https://private-user-images.githubusercontent.com/63742814/300167255-ae4d1a0c-bd45-49aa-9107-563898954c4f.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjcyNTUtYWU0ZDFhMGMtYmQ0NS00OWFhLTkxMDctNTYzODk4OTU0YzRmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTI4NmI4MzBiMzNkYjY0NjkxNGU2NjBlYmQ1NjRhMjRhNWUzMTM1YTNhYjY2MGU1MGJhZTllN2M2Njk4OTcwMTUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.jUSxB-WxPOXFsA3fMbc6zs37zc5yYoH7wx6S7_wvRYg)
- 生成恶意插件 Jar 包(包含哥斯拉,和CmdShell)
![image](https://private-user-images.githubusercontent.com/63742814/300168491-72774447-7fd1-4a75-81a2-fbc3bfa214b0.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjg0OTEtNzI3NzQ0NDctN2ZkMS00YTc1LTgxYTItZmJjM2JmYTIxNGIwLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTZlMWQ0NmVlY2RkNThkOTIzYmRjYzNkZWIxMDhlMGRhOWVmNGM5ZDdiNmExY2MxZjVhYmQ1MGU1NDVhYzkyY2EmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.y3zm8oYi63iw7bJhr5XaJ_4YZPSlVdOtbtaACD4J19Y)
- 显示内存马地址,和pass:key(双击复制,shell路径,key,ua)
![image](https://private-user-images.githubusercontent.com/63742814/300167378-621f2e34-4055-48d8-995e-559fdb056ebf.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjczNzgtNjIxZjJlMzQtNDA1NS00OGQ4LTk5NWUtNTU5ZmRiMDU2ZWJmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTkwMDdiYWFmNWZhOTU2N2E1M2E1MjE1Mzk5YmNhMWQyODc1YmE4ZGI3YzUzNDBkYTAzNzU5YjAxOTg1ZjAwZGQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.IV5giNQc4rpp5Tc3c5FJx6Zz2twSblhRiarI5_aGn5U)
- 用创建的用户进后台,插件功能地址: url+/plugins/servlet/upm,上传插件(不用等传完,直接刷新就有了。)
![image](https://private-user-images.githubusercontent.com/63742814/300167589-694e70af-cd88-4bac-958e-fe4c55d2e414.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjc1ODktNjk0ZTcwYWYtY2Q4OC00YmFjLTk1OGUtZmU0YzU1ZDJlNDE0LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWZlNWZkNTQyOTczNGFhZTQ0OTRmYTRiYmJiNjAyNTU2NmMwNDM4ZGVmMTc1MzVkODJiMjIxZDllYjFlNjk0YzUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.F7Df5Q40jpGHObUSXQ-dRHQmGMRkmYElv3Msf4mDR5k)
- 哥斯拉连接
![image](https://private-user-images.githubusercontent.com/63742814/300167658-55bbc76a-33cc-466c-b84f-331fa5de6bbd.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjc2NTgtNTViYmM3NmEtMzNjYy00NjZjLWI4NGYtMzMxZmE1ZGU2YmJkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWZhOWJlYWUzYjIzNTAwYmY4Yjc5Mzk3Zjg3NjQ1ZDQ4MmI4N2FjMzY2NzU5N2IwODUxM2FhMmZlNTI3ZTBmMmMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.2DRQ1ZyZuRCtLrZIecpIlvbQtUjqzK_AaksDk4Z09Jo)
- 基于插件 CmdShell 命令执行
![image](https://private-user-images.githubusercontent.com/63742814/300167750-654ca5a9-85a3-4fdf-b994-06fffc8d10f8.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAxNjc3NTAtNjU0Y2E1YTktODVhMy00ZmRmLWI5OTQtMDZmZmZjOGQxMGY4LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWFiYzBiYzg2ZGM0Zjg3NDM4YTI3OTI1OTMzODYxOTYwODk1YWE3MzIxNjAyMmIxZmJlMzdhZWVlZWYyZTQ3NmYmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.EZ7KWHDdLTeDelUBWlU12-Lt0EaQih5pVuA1cTUCgsQ)
V1.0
- 命令执行(其他 CVE 版本同理)
![image](https://private-user-images.githubusercontent.com/63742814/299994269-ebbad08a-994c-4717-818a-721f24250119.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8yOTk5OTQyNjktZWJiYWQwOGEtOTk0Yy00NzE3LTgxOGEtNzIxZjI0MjUwMTE5LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTY1MWRmMGY4MmM5YzFlZDJlNmRmMjBkNDg5OGUzYjI0MDA0NzM1ZTBlN2ZhYWFiZmFlYzQ1NzkxMzZjMzBjMmEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.7kKwXPgPMjg_T1YaRsb4tQ68p30--lzzNQZK6dbMhQM)
- 内存马注入(其他 CVE 版本同理)
- 哥斯拉
![image](https://private-user-images.githubusercontent.com/63742814/299998019-b7221eaa-d7d5-4fce-ba77-d3f1969b492a.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8yOTk5OTgwMTktYjcyMjFlYWEtZDdkNS00ZmNlLWJhNzctZDNmMTk2OWI0OTJhLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTI4OGI4NmUwNDI4NDQ1NTJiZjA5M2QxMzMwZTg2ZjU0MTRjMmNkNWVhMGFmNTQ2MmI0NTk4YzI2Y2MyYzUzY2EmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.wNwSZd5wmB4ydTTh8BeFsZ0HXbBSxtpR5oYStQMcyiY)
![image](https://private-user-images.githubusercontent.com/63742814/299994952-0cc1c2cf-b0b8-43f0-8b18-9d3333824cef.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8yOTk5OTQ5NTItMGNjMWMyY2YtYjBiOC00M2YwLThiMTgtOWQzMzMzODI0Y2VmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTdiZjJmNjU4MWI5MjNlMmE1Nzk1NTY0ZTcwZDdjNmVhNWRhZmQ2NDJhYTg4ZGZmMTc2YzMwODUzOTZjY2Q2MzgmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.Fu6CLNz_vXJsZLcnTbtxzyKriZjwOZf83f8BpioAJ0k)
- 冰蝎
![image](https://private-user-images.githubusercontent.com/63742814/300004229-21861463-c3ba-41f5-a7a7-9249758eb8e3.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8zMDAwMDQyMjktMjE4NjE0NjMtYzNiYS00MWY1LWE3YTctOTI0OTc1OGViOGUzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWQ3MzdkMmI4ZWIwNjRkNmQ4YTZkOGYxZWVlOTA5ZDY1MmExMmQ2ODg0OTJiODY3MTk1OWY2Zjc2ZDA1ZTYxN2QmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0._PYlglN4PD5G2Trt8UtrOShXEXIZtu1yZ42uxM55YAI)
![image](https://private-user-images.githubusercontent.com/63742814/299998513-d95dd5c7-6843-4c3c-aac7-bb3147e32005.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ2MjUzNTYsIm5iZiI6MTcxNDYyNTA1NiwicGF0aCI6Ii82Mzc0MjgxNC8yOTk5OTg1MTMtZDk1ZGQ1YzctNjg0My00YzNjLWFhYzctYmIzMTQ3ZTMyMDA1LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDIlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTAyVDA0NDQxNlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTAwMTM1ZThkMzNhMmE1MTVmYjc0YjBkMmY5NGEzNmQ4MjU3YmViMzZhMGEwMzdlNGRmMTZkYjFlMzNkOGI2MGQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.XQc9wrgA_w-ufSke5CU8_k8NgZxOzJoFnbe76OppPME)
参考
https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL https://github.com/aaaademo/Confluence-EvilJar
免责声明
本工具仅能在取得足够合法授权的企业安全建设中使用,在使用本工具过程中,您应确保自己所有行为符合当地的法律法规。
如您在使用本工具的过程中存在任何非法行为,您将自行承担所有后果,本工具所有开发者和所有贡献者不承担任何法律及连带责任。