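ysoserial: a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization

Uploader: 42099755 | Uploaded: 2021-06-09 11:34:08 | File size: 143KB | File type: ZIP
ysoserial: a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. Description: Originally released as part of the AppSecCali 2015 talk, with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x) and Groovy (2.3.x). It was later updated to include additional gadget chains and several other libraries. ysoserial is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java applications performing unsafe deserialization of objects. The main driver program takes a user-specified command and wraps it in a user-specified gadget chain, then serializes these objects to stdout. When an application with the required gadgets on its classpath unsafely deserializes this data, the chain is automatically invoked and causes the command to be executed on the application host. It should be noted that the vulnerability lies in the application performing unsafe deserialization, and not in the classpath having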

Resource details

Archive contents: 88 files, 143KB, under the top-level directory ysoserial-master.
