Set up Metasploit Module for Apache Struts 2 REST
Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)
A metasploit module designed for exploiting this vulnerability was released today. Using this module, vulnerable websites can be exploited and easily gain a shell. The name of this module is ‘struts2_rest_xstream’
How to install Metasploit Module for Struts?
Download Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)
First you have to download the module by executing the command
wget https://raw.githubusercontent.com/wvu-r7/metasploit-framework/5ea83fee5ee8c23ad95608b7e2022db5b48340ef/modules/exploits/multi/http/struts2_rest_xstream.rb
Next you will have to move this downloaded file to metasploits directory
cp struts2_rest_xstream.rb /usr/share/metasploit-framework/modules/exploits/multi/http/
Now start metasploit to check whether the module is being loaded correctly.
msfconsole
Now load the module by running
use exploit/multi/http/struts2_rest_xstream