octobre 2017

Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)

A metasploit module designed for exploiting this vulnerability was released today. Using this module, vulnerable websites can be exploited and easily gain a shell. The name of this module is ‘struts2_rest_xstream’

How to install Metasploit Module for Struts?

Download Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)

First you have to download the module by executing the command

wget https://raw.githubusercontent.com/wvu-r7/metasploit-framework/5ea83fee5ee8c23ad95608b7e2022db5b48340ef/modules/exploits/multi/http/struts2_rest_xstream.rb

Next you will have to move this downloaded file to metasploits directory

cp struts2_rest_xstream.rb /usr/share/metasploit-framework/modules/exploits/multi/http/

Now start metasploit to check whether the module is being loaded correctly.

msfconsole

Now load the module by running

use exploit/multi/http/struts2_rest_xstream