bakerbaker Posted April 3, 2018
I'm able to successfully exploit the Apache Struts vulnerability on port 8282 within Metasploitable3. The problem is, I'm not finding a way to detect the vulnerability exists. I've downloaded http-vuln-cve2018-5638 for nmap, but that doesn't show this vulnerability, and I've also attempted struts-pwn with no luck. Additionally, the Nessus scanner shows a critical vulnerability with ManageEngine on that port, which looks like an easy exploit but doesn't indicate Struts is a problem. Nmap shows "Apache Tomcat/Coyote JSP engine 1.1", "Apache-Coyote/1.1", and "Apache Tomcat/8.0.33". Metasploit struts_dmi_rest_exec shows it's vulnerable, and as I stated, I can use this module to exploit the system. Can anyone point me to something outside of a manual check with Metasploit that I can use to check for this vulnerability? Thank you.
digininja Posted April 3, 2018
I've not got a link to hand, but search the SANS webcasts for one on Struts by Moses. He explains a lot about it and goes into detail on how it works. One of the things he explains is that there is no way to detect the vulnerability without exploiting it. There are things to look for to spot that Struts may be in use, but nothing to reveal the exact versions.
pentestgeek Posted April 13, 2018
I've exploited/verified Struts using Burp Suite. Simply injecting a Java sleep with a 20-second delay versus a 1-second delay will show PoC. If you want to go full compromise, you can use Java System calls to execute a reverse shell.
bakerbaker (Author) Posted April 13, 2018
Thanks, guys. I appreciate the information you provided, and I've since been able to also confirm the vulnerability with a script within Nmap.