paddingoracleattack-shiro-721's Introduction

Shiro-721 Padding Oracle Attack

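I am not a cryptography specialist to begin with, but I worked on this earlier for an incident response... In practice this vulnerability should be impossible to attack successfully, but it is still worth studying. The code is a bit ugly, but never mind, it runs...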

Usage

  1. Clone the project and run mvn clean package in the project directory. This generates two jar files under target; PaddingOracleAttack-1.0-SNAPSHOT.jar bundles the dependencies, so just use that one.
  2. Run java -jar PaddingOracleAttack.jar targetUrl rememberMeCookie blockSize payloadFilePath, for example: java -jar PaddingOracleAttack-1.0-SNAPSHOT.jar http://127.0.0.1:8080/samples-web-1.5.0-SNAPSHOT/ rememberMeCookie 16 payload.ser

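Note: payloadFilePath is the malicious serialized data file, which can be generated with ysoserial. Pick a payload that is as short as possible, otherwise the brute-force run takes a very long time and you will be waiting a while. If it errors out midway you may need to run it again; possibly the server could not cope...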
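From the defender's side, the long brute-force run mentioned in the note above shows up in access logs as one client sending many different rememberMe cookie values in a short time. The following is an added example, not part of this project's code, that flags that pattern; the log line layout, the 60-second window and the threshold of 50 are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log layout: "<ISO timestamp> <client ip> ... rememberMe=<value>"
LINE = re.compile(r'^(\S+) (\S+) .*?rememberMe=([A-Za-z0-9+/=]+)')

def detect_bursts(lines, window=timedelta(seconds=60), threshold=50):
    """Return {client_ip: peak count of distinct rememberMe values inside
    `window`} for every client whose peak reaches `threshold`."""
    recent = defaultdict(deque)   # ip -> (timestamp, cookie) pairs still in the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # request carried no rememberMe cookie
        ts = datetime.fromisoformat(m.group(1))
        ip, cookie = m.group(2), m.group(3)
        q = recent[ip]
        q.append((ts, cookie))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = len({c for _, c in q})
        if distinct >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), distinct)
    return peaks

def sample_log():
    """Constructed sample: one ordinary user and one brute-forcing client."""
    base = datetime(2020, 1, 1, 12, 0, 0)
    lines = []
    for i in range(20):    # ordinary user: the same cookie on every request
        ts = base + timedelta(seconds=3 * i)
        lines.append(f'{ts.isoformat()} 192.0.2.10 "GET /" 200 rememberMe=QUJDREVGRw==')
    for i in range(300):   # noisy client: a new cookie value every 100 ms
        ts = base + timedelta(milliseconds=100 * i)
        lines.append(f'{ts.isoformat()} 198.51.100.7 "GET /" 200 rememberMe=AAAA{i:04d}AAAA')
    return lines

if __name__ == "__main__":
    for ip, peak in detect_bursts(sample_log()).items():
        print(f"{ip}: {peak} distinct rememberMe values within 60 s")
```

A legitimate browser replays one rememberMe value, so the threshold can be set low; tune the window to the request rate your server can actually sustain.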

Reference: https://blog.skullsecurity.org/2016/going-the-other-way-with-padding-oracles-encrypting-arbitrary-data

Disclaimer: this tool is for security testing and learning purposes only; illegal use is prohibited.

paddingoracleattack-shiro-721's People

Contributors

adming-zz