shiro_attack:shiro反序列化进攻综合利用,包含(回显执行命令注入内存马)-源码
shiro反序列化进攻综合利用
项目基于javafx,利用shiro反序列化扩展进行回显命令执行以及注入类别内存马
检出唯一密钥(SimplePrincipalCollection)cbc / gcm
Tomcat / Springboot回显命令执行
集成公用集合K1 / K2
通过POST请求中defineClass字节码实现注入内存马(Servlet实现参考哥斯拉内存马)
resources目录下shiro_keys.txt可扩展键
关于内存马
某些spring环境以jar包启动写shell麻烦
渗透中找目录很烦,经常出现各种写壳浪费时间问题
无落地文件舒服
错误修复
2020.11.08
高低版本base64库不一致,当前使用org.apache.shiro.codec.Base64避免此问题
2020.11.10
修复注入内存马都显示注入成功的错误。
2020.11.23
文件下载
资源详情
[{"title":"( 48 个子文件 807KB ) shiro_attack:shiro反序列化进攻综合利用,包含(回显执行命令注入内存马)-源码","children":[{"title":"shiro_attack-master","children":[{"title":"src","children":[{"title":"META-INF","children":[{"title":"MANIFEST.MF <span style='color:#111;'> 47B </span>","children":null,"spread":false}],"spread":true},{"title":"main","children":[{"title":"resources","children":[{"title":"vulgui.fxml <span style='color:#111;'> 11.84KB </span>","children":null,"spread":false}],"spread":true},{"title":"java","children":[{"title":"vulgui","children":[{"title":"VulController.java <span style='color:#111;'> 16.88KB </span>","children":null,"spread":false},{"title":"exp","children":[{"title":"DserUtil.java <span style='color:#111;'> 5.56KB </span>","children":null,"spread":false}],"spread":true},{"title":"deser","children":[{"title":"util","children":[{"title":"GadgetsK.java <span style='color:#111;'> 13.42KB </span>","children":null,"spread":false},{"title":"Strings.java <span style='color:#111;'> 1.85KB </span>","children":null,"spread":false},{"title":"Reflections.java <span style='color:#111;'> 2.51KB </span>","children":null,"spread":false},{"title":"DynamicDependencies.java <span style='color:#111;'> 102B </span>","children":null,"spread":false},{"title":"Gadgets_orgin.java <span style='color:#111;'> 6.47KB </span>","children":null,"spread":false},{"title":"ClassFiles.java <span style='color:#111;'> 1.44KB </span>","children":null,"spread":false},{"title":"Gadgets.java <span style='color:#111;'> 5.14KB </span>","children":null,"spread":false},{"title":"Gadgetsasm.java <span style='color:#111;'> 4.67KB </span>","children":null,"spread":false},{"title":"Gadgetsplugin.java <span style='color:#111;'> 1018B </span>","children":null,"spread":false}],"spread":true},{"title":"echo","children":[{"title":"SpringEcho.java <span style='color:#111;'> 4.84KB </span>","children":null,"spread":false},{"title":"TomcatEcho.java <span style='color:#111;'> 11.91KB </span>","children":null,"spread":false},{"title":"EchoPayload.java <span style='color:#111;'> 1.04KB </span>","children":null,"spread":false}],"spread":true},{"title":"payloads","children":[{"title":"CommonsCollectionsK2.java <span style='color:#111;'> 1.30KB </span>","children":null,"spread":false},{"title":"CommonsCollections3.java <span style='color:#111;'> 1.93KB </span>","children":null,"spread":false},{"title":"CommonsCollections2.java <span style='color:#111;'> 1.68KB </span>","children":null,"spread":false},{"title":"ObjectPayload.java <span style='color:#111;'> 770B </span>","children":null,"spread":false},{"title":"CommonsCollectionsK1.java <span style='color:#111;'> 1.47KB </span>","children":null,"spread":false},{"title":"CommonsBeanutils1.java <span style='color:#111;'> 1.28KB </span>","children":null,"spread":false},{"title":"annotation","children":[{"title":"PayloadTest.java <span style='color:#111;'> 364B </span>","children":null,"spread":false},{"title":"Dependencies.java <span style='color:#111;'> 996B </span>","children":null,"spread":false},{"title":"Authors.java <span style='color:#111;'> 872B </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"plugins","children":[{"title":"InjectMemTool.java <span style='color:#111;'> 8.70KB </span>","children":null,"spread":false},{"title":"keytest","children":[{"title":"KeyEcho.java <span style='color:#111;'> 1.16KB </span>","children":null,"spread":false}],"spread":false},{"title":"servlet","children":[{"title":"RegeogTomServlet.java <span style='color:#111;'> 15.08KB </span>","children":null,"spread":false},{"title":"AntSpringDemoServlet.java <span style='color:#111;'> 19.86KB </span>","children":null,"spread":false},{"title":"AntTomDemoServlet.java <span style='color:#111;'> 22.87KB </span>","children":null,"spread":false},{"title":"RegeogSpringServlet.java <span style='color:#111;'> 8.53KB </span>","children":null,"spread":false},{"title":"BehOldDemoServlet.java <span style='color:#111;'> 16.01KB </span>","children":null,"spread":false},{"title":"MemBytes.java <span style='color:#111;'> 129.33KB </span>","children":null,"spread":false},{"title":"GodzillaDemoServlet.java <span style='color:#111;'> 18.76KB </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"frame","children":[{"title":"FramePayload.java <span style='color:#111;'> 1000B </span>","children":null,"spread":false},{"title":"Shiro.java <span style='color:#111;'> 5.81KB </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"utils","children":[{"title":"ConvertUtil.java <span style='color:#111;'> 603B </span>","children":null,"spread":false},{"title":"AesUtil.java <span style='color:#111;'> 1.14KB </span>","children":null,"spread":false},{"title":"HttpUtil.java <span style='color:#111;'> 18.71KB </span>","children":null,"spread":false},{"title":"Console.java <span style='color:#111;'> 748B </span>","children":null,"spread":false}],"spread":true},{"title":"Main.java <span style='color:#111;'> 616B </span>","children":null,"spread":false},{"title":"test","children":[{"title":"MyClass.java <span style='color:#111;'> 949B </span>","children":null,"spread":false}],"spread":true}],"spread":true}],"spread":true}],"spread":true}],"spread":true},{"title":"resources","children":[{"title":"shiro_keys.txt <span style='color:#111;'> 3.13KB </span>","children":null,"spread":false}],"spread":true},{"title":"pom.xml <span style='color:#111;'> 7.30KB </span>","children":null,"spread":false},{"title":"README.md <span style='color:#111;'> 1.45KB </span>","children":null,"spread":false},{"title":"screenshot","children":[{"title":"1.gif <span style='color:#111;'> 625.58KB </span>","children":null,"spread":false},{"title":"screenshot.png <span style='color:#111;'> 82.34KB </span>","children":null,"spread":false}],"spread":true},{"title":"shiro_attack.iml <span style='color:#111;'> 8.15KB </span>","children":null,"spread":false}],"spread":true}],"spread":true}]
评论信息
其他资源
- USB转I2C,SPI,CAN,GPIO,UART,ADC,PWM,GPIO上位机软件
- director插件集Xtras
- 算术编码c++
- SPC5Studio中文使用教程
- DLL解码工具
- STM32Cubemx使用教程详解
- 生存分析数据(癌症的生存时间)
- 带电容滤波的三相不控整流桥仿真
- 3D STEP模型文件
- 美赛模型代码和注释
- 基于LabVIEW的锁相放大器及其应用
- 高斯混合模型的后验概率代码
- Mastering Unreal Engine 4.X(英文)
- pg142-axi-uartlite.pdf
- Odin - Inspector and Serializer 2.1.12
- 2018人工智能名片白皮书
- IEEE Std 802.1Q-2011
- web 项目servlet+jsp+tomcat+jdbc
- DBImport工具
- 关于hgt文件及其使用
- IFIX将数据记录通过ODBC保存到SQL+SERVER
- 汉字拼音对照库(2万多汉字)
- 基于ASP.NET简单书店管理系统网站
免责申明
【只为小站】的资源来自网友分享,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,【只为小站】 无法对用户传输的作品、信息、内容的权属或合法性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论 【只为小站】 经营者是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明