CVE-2016-4437

This Metasploit module exploits CVE-2016-4437, a deserialization vulnerability in Apache Shiro v1.2.4, by sending a malicious 'rememberMe' cookie containing an AES-encrypted payload. The payload leverages YSoSerial to achieve remote code execution (RCE) on vulnerable systems.

This repository contains functional exploit code for CVE-2016-4437, a deserialization vulnerability in Apache Shiro <=1.2.4. The exploit leverages the 'rememberMe' cookie field to execute arbitrary commands via JRMP deserialization attacks, with support for multiple encryption keys and payload generation using ysoserial.

This repository contains a functional exploit tool for CVE-2016-4437, targeting Apache Shiro's deserialization vulnerability. It includes modes for detection, key cracking, and payload execution using ysoserial gadgets.

This repository contains a functional Python exploit for CVE-2016-4437, an Apache Shiro deserialization vulnerability due to a hardcoded encryption key. The exploit uses ysoserial to generate a malicious payload, encrypts it with the known key, and sends it via a 'rememberMe' cookie to achieve remote code execution (RCE).

The repository contains minimal and incomplete code related to Apache Shiro authentication but lacks any functional exploit or technical details for CVE-2016-4437. Most files are boilerplate or empty.

This repository contains functional exploit code for CVE-2016-4437, a deserialization vulnerability in Apache Shiro. It includes tools to decode 'rememberMe' cookies and check for vulnerability presence by sending crafted requests.

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It is a placeholder with no functional or analytical value.

This Metasploit module exploits a deserialization vulnerability in Apache Shiro v1.2.4 via the RememberMe cookie, allowing remote code execution. It uses AES encryption with a known key to craft a malicious serialized payload.