shiro_attack:shiro反序列化进攻综合利用,包含(回显执行命令注入内存马)-源码
shiro反序列化进攻综合利用
项目基于javafx,利用shiro反序列化扩展进行回显命令执行以及注入类别内存马
检出唯一密钥(SimplePrincipalCollection)cbc / gcm
Tomcat / Springboot回显命令执行
集成公用集合K1 / K2
通过POST请求中defineClass字节码实现注入内存马(Servlet实现参考哥斯拉内存马)
resources目录下shiro_keys.txt可扩展键
关于内存马
某些spring环境以jar包启动写shell麻烦
渗透中找目录很烦,经常出现各种写壳浪费时间问题
无落地文件舒服
错误修复
2020.11.08
高低版本base64库不一致,当前使用org.apache.shiro.codec.Base64避免此问题
2020.11.10
修复注入内存马都显示注入成功的错误。
2020.11.23
文件下载
资源详情
[{"title":"( 48 个子文件 807KB ) shiro_attack:shiro反序列化进攻综合利用,包含(回显执行命令注入内存马)-源码","children":[{"title":"shiro_attack-master","children":[{"title":"src","children":[{"title":"META-INF","children":[{"title":"MANIFEST.MF <span style='color:#111;'> 47B </span>","children":null,"spread":false}],"spread":true},{"title":"main","children":[{"title":"resources","children":[{"title":"vulgui.fxml <span style='color:#111;'> 11.84KB </span>","children":null,"spread":false}],"spread":true},{"title":"java","children":[{"title":"vulgui","children":[{"title":"VulController.java <span style='color:#111;'> 16.88KB </span>","children":null,"spread":false},{"title":"exp","children":[{"title":"DserUtil.java <span style='color:#111;'> 5.56KB </span>","children":null,"spread":false}],"spread":true},{"title":"deser","children":[{"title":"util","children":[{"title":"GadgetsK.java <span style='color:#111;'> 13.42KB </span>","children":null,"spread":false},{"title":"Strings.java <span style='color:#111;'> 1.85KB </span>","children":null,"spread":false},{"title":"Reflections.java <span style='color:#111;'> 2.51KB </span>","children":null,"spread":false},{"title":"DynamicDependencies.java <span style='color:#111;'> 102B </span>","children":null,"spread":false},{"title":"Gadgets_orgin.java <span style='color:#111;'> 6.47KB </span>","children":null,"spread":false},{"title":"ClassFiles.java <span style='color:#111;'> 1.44KB </span>","children":null,"spread":false},{"title":"Gadgets.java <span style='color:#111;'> 5.14KB </span>","children":null,"spread":false},{"title":"Gadgetsasm.java <span style='color:#111;'> 4.67KB </span>","children":null,"spread":false},{"title":"Gadgetsplugin.java <span style='color:#111;'> 1018B </span>","children":null,"spread":false}],"spread":true},{"title":"echo","children":[{"title":"SpringEcho.java <span style='color:#111;'> 4.84KB </span>","children":null,"spread":false},{"title":"TomcatEcho.java <span style='color:#111;'> 11.91KB </span>","children":null,"spread":false},{"title":"EchoPayload.java <span style='color:#111;'> 1.04KB </span>","children":null,"spread":false}],"spread":true},{"title":"payloads","children":[{"title":"CommonsCollectionsK2.java <span style='color:#111;'> 1.30KB </span>","children":null,"spread":false},{"title":"CommonsCollections3.java <span style='color:#111;'> 1.93KB </span>","children":null,"spread":false},{"title":"CommonsCollections2.java <span style='color:#111;'> 1.68KB </span>","children":null,"spread":false},{"title":"ObjectPayload.java <span style='color:#111;'> 770B </span>","children":null,"spread":false},{"title":"CommonsCollectionsK1.java <span style='color:#111;'> 1.47KB </span>","children":null,"spread":false},{"title":"CommonsBeanutils1.java <span style='color:#111;'> 1.28KB </span>","children":null,"spread":false},{"title":"annotation","children":[{"title":"PayloadTest.java <span style='color:#111;'> 364B </span>","children":null,"spread":false},{"title":"Dependencies.java <span style='color:#111;'> 996B </span>","children":null,"spread":false},{"title":"Authors.java <span style='color:#111;'> 872B </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"plugins","children":[{"title":"InjectMemTool.java <span style='color:#111;'> 8.70KB </span>","children":null,"spread":false},{"title":"keytest","children":[{"title":"KeyEcho.java <span style='color:#111;'> 1.16KB </span>","children":null,"spread":false}],"spread":false},{"title":"servlet","children":[{"title":"RegeogTomServlet.java <span style='color:#111;'> 15.08KB </span>","children":null,"spread":false},{"title":"AntSpringDemoServlet.java <span style='color:#111;'> 19.86KB </span>","children":null,"spread":false},{"title":"AntTomDemoServlet.java <span style='color:#111;'> 22.87KB </span>","children":null,"spread":false},{"title":"RegeogSpringServlet.java <span style='color:#111;'> 8.53KB </span>","children":null,"spread":false},{"title":"BehOldDemoServlet.java <span style='color:#111;'> 16.01KB </span>","children":null,"spread":false},{"title":"MemBytes.java <span style='color:#111;'> 129.33KB </span>","children":null,"spread":false},{"title":"GodzillaDemoServlet.java <span style='color:#111;'> 18.76KB </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"frame","children":[{"title":"FramePayload.java <span style='color:#111;'> 1000B </span>","children":null,"spread":false},{"title":"Shiro.java <span style='color:#111;'> 5.81KB </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"utils","children":[{"title":"ConvertUtil.java <span style='color:#111;'> 603B </span>","children":null,"spread":false},{"title":"AesUtil.java <span style='color:#111;'> 1.14KB </span>","children":null,"spread":false},{"title":"HttpUtil.java <span style='color:#111;'> 18.71KB </span>","children":null,"spread":false},{"title":"Console.java <span style='color:#111;'> 748B </span>","children":null,"spread":false}],"spread":true},{"title":"Main.java <span style='color:#111;'> 616B </span>","children":null,"spread":false},{"title":"test","children":[{"title":"MyClass.java <span style='color:#111;'> 949B </span>","children":null,"spread":false}],"spread":true}],"spread":true}],"spread":true}],"spread":true}],"spread":true},{"title":"resources","children":[{"title":"shiro_keys.txt <span style='color:#111;'> 3.13KB </span>","children":null,"spread":false}],"spread":true},{"title":"pom.xml <span style='color:#111;'> 7.30KB </span>","children":null,"spread":false},{"title":"README.md <span style='color:#111;'> 1.45KB </span>","children":null,"spread":false},{"title":"screenshot","children":[{"title":"1.gif <span style='color:#111;'> 625.58KB </span>","children":null,"spread":false},{"title":"screenshot.png <span style='color:#111;'> 82.34KB </span>","children":null,"spread":false}],"spread":true},{"title":"shiro_attack.iml <span style='color:#111;'> 8.15KB </span>","children":null,"spread":false}],"spread":true}],"spread":true}]
评论信息
其他资源
- js K线图 KLine js源码 与okex网站一致
- Multikey模拟狗
- 小波包降噪的程序,并有注解
- 2020 HPC Report Market Update.pdf
- DPM模型(行人检测xml文件)
- 哈夫曼编译码器课程设计报告(完整版)
- 自己写JSP博客 完整源代码
- OpenCv-4 Mingw(32bit)编译生成库包
- c++prime plus 源代码
- CCP标定例程
- 信息系统分析课件
- Tasker.zip
- 基于UKF的最小熵准则非线性滤波。
- PDS2000低压电网综合管理系统
- Autodesk_SketchBook.zip
- Kali的安装及使用
- 古诗收集程序C语言
- 数字信号频带传输系统的仿真实现
- 网上书店(oracle课程设计)
- ext4.0生成图形报表(柱形、折线、饼状)
- 图像分割 CV模型的MATLAB源代码
- 聚类算法评测数据第二部分
- 《Visual C++ OpenGL DirectX三维动画编程宝典》源代码
- 仿QQ迷你首页(迷你资讯)(MFC,VC++)源代码
- ENVI 5.2 破解文件(附32位和64位下载链接)
免责申明
【只为小站】的资源来自网友分享,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,【只为小站】 无法对用户传输的作品、信息、内容的权属或合法性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论 【只为小站】 经营者是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明