MCPcopy Index your code
hub / github.com/bmth666/GeoServer-Tools-CVE-2024-36401

github.com/bmth666/GeoServer-Tools-CVE-2024-36401 @v1.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.2 ↗ · + Follow
53 symbols 110 edges 6 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

GeoServer-Tools-CVE-2024-36401

CVE-2024-36401 图形化利用工具,支持各个JDK版本利用以及回显、内存马实现

影响版本:

GeoServer < 2.23.6

2.24.0 <= GeoServer < 2.24.4

2.25.0 <= GeoServer < 2.25.2

近期HW发现该漏洞还是很常见的,但一直没有一个顺手的工具,这里参考:https://github.com/whitebear-ch/GeoServerExploit 的思路重新写了这份工具

0x01 安装

image-20250411124904054

构建工件即可

0x02 使用

JDK8启动:java -jar GeoServer-Tools.jar

image-20250411125025482

dnslog(无关JDK版本):

image-20250411125210164

image-20250411125231103

回显:

image-20250411125857883

内存马:

image-20250411130004637

image-20250411130131602

我这里测试环境使用的是vulhub(JDK17)和windows版本(JDK8)下的:https://master.dl.sourceforge.net/project/geoserver/GeoServer/2.15.0/geoserver-2.15.0.exe?viasf=1

实际环境可能略有出入,请自行测试

JDK17哥斯拉内存马应该是太长了无法成功注入,推荐使用冰蝎或者蚁剑

0x03 声明

仅限用于技术研究和获得正式授权的攻防项目,请使用者遵守《中华人民共和国网络安全法》,切勿用于任何非法活动,若将工具做其他用途,由使用者承担全部法律及连带责任,作者及发布者不承担任何法律及连带责任!

0x04 参考/致谢

https://mp.weixin.qq.com/s/beRJ8-HOMJbA43jYMMS0Pg

https://mp.weixin.qq.com/s/1mW3rLvZc0RL4nr25BLT7A

https://mp.weixin.qq.com/s/jCOp9A-qO8ViqLx3ui0XHg

https://github.com/whitebear-ch/GeoServerExploit

https://github.com/pen4uin/java-memshell-generator

https://github.com/vulhub/vulhub

Core symbols most depended-on inside this repo

invokeMethod
called by 12
GeoServer-Tools/out/artifacts/GeoServer_Tools_jar/org/springframework/expression/BUJcwstm.java
getFV
called by 7
GeoServer-Tools/out/artifacts/GeoServer_Tools_jar/org/springframework/expression/BUJcwstm.java
getUrlPattern
called by 3
GeoServer-Tools/out/artifacts/GeoServer_Tools_jar/org/springframework/expression/BUJcwstm.java
javacExecutableName
called by 3
GeoServer-Tools/src/main/java/com/bmth/utils/JavaCompilerUtils.java
generatePayloadJDK8
called by 3
GeoServer-Tools/src/main/java/com/bmth/utils/PayloadUtils.java
generatePayloadJDK17
called by 3
GeoServer-Tools/src/main/java/com/bmth/utils/PayloadUtils.java
getClassName
called by 2
GeoServer-Tools/out/artifacts/GeoServer_Tools_jar/org/springframework/expression/BUJcwstm.java
updateProxyFields
called by 2
GeoServer-Tools/src/main/java/com/bmth/SwingMain.java

Shape

Method 47
Class 6

Languages

Java100%

Modules by API surface

GeoServer-Tools/src/main/java/com/bmth/utils/JavaCompilerUtils.java19 symbols
GeoServer-Tools/out/artifacts/GeoServer_Tools_jar/org/springframework/expression/BUJcwstm.java16 symbols
GeoServer-Tools/src/main/java/com/bmth/utils/AttackUtils.java6 symbols
GeoServer-Tools/src/main/java/com/bmth/utils/PayloadUtils.java5 symbols
GeoServer-Tools/src/main/java/com/bmth/SwingMain.java5 symbols
GeoServer-Tools/src/main/java/com/bmth/Main.java2 symbols

For agents

$ claude mcp add GeoServer-Tools-CVE-2024-36401 \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact