Simplest and most reliable RichFaces Paint2DResource CVE-2018-12533 RF-14310 exploit

Installation • Usage • Running Paint2Die

---

Installation Instructions

git clone https://github.com/LucasKatashi/paint2die.git
cd paint2die
chmod +x paint2die.py
pip install -r requirements.txt

Usage

./paint2die -h

This will display help for the tool. Here are all the switches it supports.

Usage:
 ./paint2die [flags]                                                                
 _____     _     _   ___ ____  _      
|  _  |___|_|___| |_|_  |    \|_|___ 
|   __| .'| |   |  _|  _|  |  | | -_|
|__|  |__,|_|_|_|_| |___|____/|_|___|
                    by: Lucas Katashi
usage: paint2die.py [-h] -t TARGET [-c COMMAND] [-r REVERSE] [-s]
paint2die.py: error: the following arguments are required: -t/--target

RichFaces CVE-2018-12533 RF-14310 exploit

options:
  -h, --help            show this help message and exit
  -t, --target TARGET   URL of RichFaces application, i.e:
                        http://example.com/app/a4j/g/3_3_3.Final
  -c, --command COMMAND
                        Command to execute
  -r, --reverse REVERSE
                        IP:PORT for reverse shell
  -s, --silence         Silence output

References

• https://web.archive.org/web/20211118021323/https://www.lucifaer.com/2018/12/05/RF-14310%EF%BC%88CVE-2018-12533%EF%BC%89%E5%88%86%E6%9E%90/