loubia - Python script to exploit java unserialize on t3 (Weblogic).

loubia – Python script to exploit java unserialize on t3 (Weblogic).

This is a Python script that achieves remote code execution on t3 enabled backends. This is possible thanks to (or because of) the Java Unserialize vulnerability.
Loubia is by definition perfect. Still, out of modesty i can consider some enhancements:
+ Handle ssl better (for now, ssl protocols are hardcoded. Find a way to do an automatic negotiation)
+ Implement a method to upload a webshell to windows targets
+ Handle custom webshell
+ Add other payloads. For example a script to recover Weblogic credentials
+ Add a funny banner
+ Learn Python and redevelop the whole script

Requirements:
+ python 2.7
+ optparse, ssl

Usage:

Script:

 

Source: https://github.com/metalnas