Exploit and Check Script for CVE 2022-1388

Last update: Dec 22, 2022

Overview

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

Usage

Check against single host

python3 CVE-2022-1388.py -v true -u target_url

Attack host and test command

python CVE_2022_1388.py -a true -u target_url -c command

Attack list of hosts

python CVE_2022_1388.py -s true -f file

masscheck.py will take a file input and check the hosts are vulnerable without exploiting them.

Detection:

Scanning for /mgmt/tm/util/bash as an endpoint, likely to be in web server logs. Or if you have a F5 go patch it, the affected versions are shown below and the patch is available here https://support.f5.com/csp/article/K23605346

Vulnerable Versions

BIG-IP versions 16.1.0 to 16.1.2 (Patch released)
BIG-IP versions 15.1.0 to 15.1.5 (Patch released)
BIG-IP versions 14.1.0 to 14.1.4 (Patch released)
BIG-IP versions 13.1.0 to 13.1.4 (Patch released)
BIG-IP versions 12.1.0 to 12.1.6 (End of Support)
BIG-IP versions 11.6.1 to 11.6.5 (End of Support)

Owner

Andy Gill

I hack things, write things and break things. So my life is full of things.

GitHub Repository

Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

5 Feb 02, 2022

This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022

A tool to crack a wifi password with a help of wordlist

A tool to crack a wifi password with a help of wordlist. This may take long to crack a wifi depending upon number of passwords your wordlist contains. Also it is slower as compared to social media ac

144 Dec 29, 2022

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022

PyFUD - Fully Undetectable payload generator for metasploit

PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host

3 Mar 25, 2022

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

17 Sep 25, 2022

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

162 Nov 25, 2022

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022

Small Python library that adds password hashing methods to ORM objects

Password Mixin Mixin that adds some useful methods to ORM objects Compatible with Python 3.5 = 3.9 Install pip install password-mixin Setup first cre

5 Nov 22, 2022

Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

56 Mar 25, 2022

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

ADExplorerSnapshot.py ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. AD Explorer allows you to connect to a DC and browse L

576 Dec 23, 2022

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

9 Dec 12, 2022

Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

112 Nov 25, 2022

WhPhisher: a Phishing tool With Python

WhPhisher Herramienta para hacer phishing con muchos métodos de túneling -----Como Instalarlo------- pkg install python3 pkg install git git clone htt

80 Jan 02, 2023

Generate obfuscated meterpreter shells

Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

219 Nov 28, 2022

A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

1 Dec 21, 2021

Solución al reto BBVA Contigo, Hack BBVA 2021

Solution Solución propuesta para el reto BBVA Contigo del Hackathon BBVA 2021. Equipo Mexdapy. Integrantes: David Pedroza Segoviano Regina Priscila Ba

2 Dec 06, 2021

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

22.1k Jan 02, 2023

Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022

DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE

DepFine DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE Installation: You Can inst

14 Nov 11, 2022

Exploit and Check Script for CVE 2022-1388

Related tags

Overview

F5-CVE-2022-1388-Exploit

Usage

Detection:

Vulnerable Versions

Owner

Andy Gill

Yet another web fuzzer

This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

A tool to crack a wifi password with a help of wordlist

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

PyFUD - Fully Undetectable payload generator for metasploit

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Small Python library that adds password hashing methods to ORM objects

Lite version of my Gatekeeper backdoor for public use.

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Looks at Python code to search for things which look "dodgy" such as passwords or diffs

WhPhisher: a Phishing tool With Python

Generate obfuscated meterpreter shells

A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

Solución al reto BBVA Contigo, Hack BBVA 2021

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Obfuscate your python code into a string of integers. De-obfuscate also supported.

DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE