GithubHelp home page GithubHelp logo

jsp-webshells's Introduction

工具仅用于安全研究以及内部自查,禁止使用工具发起非法攻击,造成的后果使用者负责

JSP-WebShells集合

  1. BCEL字节码的JSP WebShell
  2. 自定义类加载器的JSP WebShell
  3. ScriptEngine.eval的JSP WebShell
  4. URLClassLoader加载远程jar的JSP WebShell
  5. javac动态编译class的JSP WebShell
  6. jdk.nashorn.internal.runtime.ScriptLoader类加载器加载的JSP WebShell
  7. java.lang.ProcessImpl JSP WebShell
  8. java.lang.ProcessBuilder WebShell
  9. MethodAccessor.invoke绕过检测Method.invoke的JSP WebShell
  10. SPI机制的ScriptEngineManager自动加载实例化JSP WebShell
  11. 利用TemplatesImpl触发的JSP WebShell
  12. 重写ObjectInputStream.resolveClass实现反序列化readObject触发的JSP WebShell
  13. JdbcRowSetImpl进行jndi注入的JSP WebShell
  14. Tomcat EL的JSP WebShell
  15. BCEL类加载器进行一定包装-可能在某些禁了loadClass方法的地方bypass的JSP WebShell
  16. VersionHelper包装的URLClassLoader类加载器的JSP WebShell
  17. Runtime.exec的JSP WebShell
  18. 利用TemplatesImpl反序列化的JSP WebShell
  19. 精简一句话ScriptEngine.eval的JSP WebShell
  20. 反射调用 Proxy native 方法 defineClass0 加载类字节码 WebShell
  21. 使用JDK自带的ASM框架构造字节码并加载 WebShell
  22. 利用jsp标签属性注入解析后代码的JSP WebShell

分类

一、命令执行/反射调用

  1. java.lang.ProcessImpl JSP WebShell: 7.jsp
  2. java.lang.ProcessBuilder WebShell: 8.jsp
  3. Runtime.exec的JSP WebShell: 17.jsp
  4. MethodAccessor.invoke绕过检测Method.invoke的JSP WebShell: 9.jsp
  5. 利用随机数运行时可知字符串绕过检测的Runtime.exec的JSP WebShell: 17_2.jsp

二、脚本执行

  1. ScriptEngine.eval的JSP WebShell: 3.jsp
  2. Tomcat EL的JSP WebShell: 14.jsp
  3. 精简一句话ScriptEngine.eval的JSP WebShell: 19.jsp/19_2.jsp

三、字节码、反序列化相关

  1. BCEL字节码的JSP WebShell: 1.jsp
  2. 自定义类加载器的JSP WebShell: 2.jsp
  3. URLClassLoader加载远程jar的JSP WebShell: 4.jsp
  4. jdk.nashorn.internal.runtime.ScriptLoader类加载器加载的JSP WebShell: 6.jsp
  5. SPI机制的ScriptEngineManager自动加载实例化JSP WebShell: 10.jsp
  6. 利用TemplatesImpl触发的JSP WebShell: 11.jsp
  7. 重写ObjectInputStream.resolveClass实现反序列化readObject触发的JSP WebShell: 12.jsp
  8. JdbcRowSetImpl进行jndi注入的JSP WebShell: 13.jsp
  9. BCEL类加载器进行一定包装-可能在某些禁了loadClass方法的地方bypass的JSP WebShell: 15.jsp
  10. VersionHelper包装的URLClassLoader类加载器的JSP WebShell: 16.jsp
  11. 利用TemplatesImpl反序列化的JSP WebShell: 18.jsp
  12. 利用 Proxy native 方法 defineClass0 加载类字节码 WebShell: 20.jsp

四、动态编译

  1. javac动态编译class的JSP WebShell: 5.jsp

五、标签注入

  1. 利用jsp标签属性注入解析后代码的JSP WebShell: 22.jsp

jsp-webshells's People

Contributors

4ra1n avatar su18 avatar threedr3am avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

751643992 thinkergod kikaylee lucifaer vkbiu xiaoq1z afant1 be-gay-security-team i-liberty sry309 yzddmr6 weiwhy madkarl qiyeboy smitnald r4b3rt kangd1w2 dogadmin dnslog95 yut0u simlelcf k1p2y3 dycsy thinkphpdev tdr130 vegychick ap3255 02bx r4c0box fairyming w2n1ck feisec idealdreamlast msf-ntdll wang0098 gold1029 hackdou binddns on1sm mithrilwoodrat mayter fzxcp3 flaray bypass007 geekmc sslvtao jasonlou chennqqi a0xpg shadowsock5 wangsz05 s3cj0y wifido ilkkai top-xu makefunny why1an h1d3r syl3r intbjw fewave xundididi fbion benjamins16 icysun todolin water4168 fa1c0n1 jurafish dictators seeblog fightingboy1 m0s30 5l1v3r1 echocipher foreverluck flying0er devilmaycrying coffeehb brucessking yeshuibo hi-kk haihaihihihi hellopoc ekko-zhao a-new bill-bil bobo9487 itwangjie amakerlee misakayuii hasdkkk19 taibaiyifeng ht6677 tomtom18-eng schira4396 monopole-zh geek-bigniu gysf666 idnu11

jsp-webshells's Issues

第12个webshell请教

三梦师傅好,我在研究你的jsp-webshells,第12个运行的时候报“java.lang.ClassNotFoundException: XXXX”错误,Java小白,不知道要怎么改,希望师傅不吝赐教!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.