Share
## https://sploitus.com/exploit?id=FF4560D1-137A-5C41-90E4-E8EECAB04134
# CVE-2022-1388
F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF.

# Included
- Scan a single target
- Scan many targets
- Exploit with a shell

```
JDK11 required for jar file only. If you don't have JDK, you can run the linux executable (it is faster).
```

# Setup LAB
- You can find the lab <a href="https://github.com/Zeyad-Azima/CVE-2022-1388/tree/main/CVE2022-1388_LAB">Here</a>

# Download
- Download windows executable file <a href="https://github.com/Zeyad-Azima/CVE-2022-1388/releases/download/CVE-2022-1388/CVE2022-1388_Windows.exe">Here</a>
- Download JAR file <a href="https://github.com/Zeyad-Azima/CVE-2022-1388/releases/download/CVE-2022-1388/CVE2022-1388_JAR.jar">Here</a>
- Download native executable for linux (x86_64) <a href="https://github.com/Zeyad-Azima/CVE-2022-1388/tree/main/out/exec">Here</a>

# Run
```
`user# java -jar CVE2022-1388.jar help`
or
`user# CVE2022-1388.exe help`
or
`user# ./exec help`

Output:
Scan a single target: `java -jar cve-2022-1388.jar scheck`
Scan targets from a file: `java -jar cve-2022-1388.jar mcheck`
Exploit a target: `java -jar cve-2022-1388.jar exploit`
```

# Screenshot
<img src="/img/CVE-2022-1388.jpeg">

# Author
<a href="https://www.linkedin.com/in/zer0verflow/">Zeyad Azima</a>

# Contrib
<a href="https://www.linkedin.com/in/0x250/">Morad Abdelrasheed</a> (Further updates soon)