oa-system-attack

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands using curl, whatweb, nuclei, and fscan to perform reconnaissance, fingerprinting, and exploitation of internal network targets.
  • [REMOTE_CODE_EXECUTION]: Detailed instructions and functional payloads are provided to achieve Remote Code Execution (RCE) on target systems. Examples include using BeanShell scripts, file upload vulnerabilities to plant webshells, and Java deserialization via ysoserial payloads.
  • [DATA_EXFILTRATION]: The skill includes commands designed to exfiltrate sensitive data from target systems, such as reading /etc/passwd, database configuration files (DBconfigReader.jsp, oa_config.php), and system properties.
  • [CREDENTIALS_UNSAFE]: Multiple files document default administrative credentials (usernames and passwords) for various OA systems (e.g., Seeyon, Weaver, Yonyou, Landray), facilitating unauthorized access.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:08 AM