feihong-cs / shiroexploit-deprecated Goto Github PK
View Code? Open in Web Editor NEWShiro550/Shiro721 一键化利用工具,支持多种回显方式
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
各位大佬,你们jdk版本是多少。14瑟瑟发抖啊
正常的逻辑如下:在探测key时,正确的key不返回rememberMe的headers头,在key错误时会返回rememberMe=deleteMe。
但是在新版本工具中并没有进行判断错误情况,直接判断了“如果不返回rememberMe,则key正确”。造成误报。
root@kali:java -jar ShiroExploit.jar
错误: 找不到或无法加载主类 com.shiroexploit.gui.StartPane
原因: java.lang.NoClassDefFoundError: javafx/application/Application
希望新增功能——支持http代理选项
windows server 2016 在运行之后报错如下:
[+] Find Valid Gadget: CommonsCollections9
[+] Find Valid Gadget: CommonsCollections6
Exception in thread "Thread-6" java.lang.IllegalStateException: Not on FX application thread; currentThread = Thread-6
at com.sun.javafx.tk.Toolkit.checkFxUserThread(Unknown Source)
at com.sun.javafx.tk.quantum.QuantumToolkit.checkFxUserThread(Unknown Source)
at javafx.scene.Scene.addToDirtyList(Unknown Source)
at javafx.scene.Node.addToSceneDirtyList(Unknown Source)
at javafx.scene.Node.impl_markDirty(Unknown Source)
at javafx.scene.Node.notifyParentsOfInvalidatedCSS(Unknown Source)
at javafx.scene.Node.requestCssStateTransition(Unknown Source)
at javafx.scene.Node.pseudoClassStateChanged(Unknown Source)
at javafx.scene.Node$10.invalidated(Unknown Source)
at javafx.beans.property.BooleanPropertyBase.markInvalid(Unknown Source)
at javafx.beans.property.BooleanPropertyBase.set(Unknown Source)
at javafx.scene.Node.setDisabled(Unknown Source)
at javafx.scene.Node.updateDisabled(Unknown Source)
at javafx.scene.Node.access$500(Unknown Source)
at javafx.scene.Node$MiscProperties$8.invalidated(Unknown Source)
at javafx.beans.property.BooleanPropertyBase.markInvalid(Unknown Source)
at javafx.beans.property.BooleanPropertyBase.set(Unknown Source)
at javafx.scene.Node.setDisable(Unknown Source)
at com.shiroexploit.gui.MainPane$9.run(MainPane.java:458)
at java.lang.Thread.run(Unknown Source)
望解答,谢谢
这个可以配置代理吗
D:\ShiroExploit.V2.2 利用成功
D:\haha haha\ShiroExploit.V2.2 利用失败 提示应用不存在相应漏洞…………
建议:增加对dns-log的自定义
现在很多安全设备对dnslog.cn与 ceye.io会进行黑名单封禁,所以增加个自定义dnslog域名的,这样就可以误报,这个很重要 我觉得,加上这个自定义功能 这个工具就完美了~~~
https貌似不友好
$ java -jar ShiroExploit.jar
错误: 找不到或无法加载主类 com.shiroexploit.gui.StartPane
$ java -version
openjdk version "1.8.0_312"
OpenJDK Runtime Environment (Zulu 8.58.0.13-CA-macos-aarch64) (build 1.8.0_312-b07)
OpenJDK 64-Bit Server VM (Zulu 8.58.0.13-CA-macos-aarch64) (build 25.312-b07, mixed mode)
�mac m1 java最低只能安装这个版本了,能指导下怎么解决么
建议师傅在jrmp 发起请求的时候输出key的响应时间,在目标机器不出网的情况下可以判断是否反序列化成功,也就是jrmp延时来判断目标存在漏洞。
(师傅好强啊。
还有一个问题:师傅写shell的函数是写到了ysoserial 中嘛?
第一:
期待加上wyzxxz中的gadget
参考地址:https://github.com/wyzxxz/shiro_rce
第二:
在我大量的测试中发现,只给定URL交给您的程序去探测的话会有很多本来有洞的无法探测到
建议,给定一个配置文件或者输入框,让用户将burp拦截到的原本请求包,交给程序去探测
第三:对于key,建议不硬编码,方便我们才平时的测试中加入自己收集到的key
期待您的回复
无办法检测到http协议的漏洞站点
手工检测漏洞存在,并且收到了JRMP通讯,工具不行。。。。
可以加我微信,Git同ID
怎么编译源码,编译报错了怎么办,能给一个详细的流程吗
从keys.conf读取的key 程序在fuzz时 没有按照 keys.conf中的顺序来,建议按行读取
优点:方便使用时 按需在keys.conf排序 优先级高的key
code怎么编译成jar?能讲一下吗
同一个目标,2.1版本Can not find a valid gadget
环境:
macos m1
zulu-11.jdk
javafx 11.0.2 mac x64
java --module-path $PATH_TO_FX --add-modules javafx.controls -jar ShiroExploit.jar
Exception in Application start method
Exception in thread "JavaFX Application Thread" java.lang.NoClassDefFoundError: com/sun/javafx/scene/control/skin/BehaviorSkinBase
at org.controlsfx.control.CheckComboBox.createDefaultSkin(CheckComboBox.java:304)
at javafx.controls/javafx.scene.control.Control.doProcessCSS(Control.java:897)
at javafx.controls/javafx.scene.control.Control$1.doProcessCSS(Control.java:89)
at javafx.controls/com.sun.javafx.scene.control.ControlHelper.processCSSImpl(ControlHelper.java:67)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9456)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Scene.doCSSPass(Scene.java:569)
at javafx.graphics/javafx.scene.Scene$ScenePulseListener.pulse(Scene.java:2474)
at javafx.graphics/com.sun.javafx.tk.Toolkit.lambda$runPulse$2(Toolkit.java:414)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at javafx.graphics/com.sun.javafx.tk.Toolkit.runPulse(Toolkit.java:413)
at javafx.graphics/com.sun.javafx.tk.Toolkit.firePulse(Toolkit.java:440)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulse(QuantumToolkit.java:564)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulse(QuantumToolkit.java:544)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulseFromQueue(QuantumToolkit.java:537)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.lambda$runToolkit$11(QuantumToolkit.java:343)
at javafx.graphics/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
Exception in thread "JavaFX Application Thread" java.lang.NoClassDefFoundError: com/sun/javafx/scene/control/skin/BehaviorSkinBase
at org.controlsfx.control.CheckComboBox.createDefaultSkin(CheckComboBox.java:304)
at javafx.controls/javafx.scene.control.Control.doProcessCSS(Control.java:897)
at javafx.controls/javafx.scene.control.Control$1.doProcessCSS(Control.java:89)
at javafx.controls/com.sun.javafx.scene.control.ControlHelper.processCSSImpl(ControlHelper.java:67)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9456)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9449)
at javafx.graphics/javafx.scene.Scene.doCSSPass(Scene.java:569)
at javafx.graphics/javafx.scene.Scene$ScenePulseListener.pulse(Scene.java:2474)
at javafx.graphics/com.sun.javafx.tk.Toolkit.lambda$runPulse$2(Toolkit.java:414)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at javafx.graphics/com.sun.javafx.tk.Toolkit.runPulse(Toolkit.java:413)
at javafx.graphics/com.sun.javafx.tk.Toolkit.firePulse(Toolkit.java:440)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulse(QuantumToolkit.java:564)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulse(QuantumToolkit.java:544)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.pulseFromQueue(QuantumToolkit.java:537)
at javafx.graphics/com.sun.javafx.tk.quantum.QuantumToolkit.lambda$runToolkit$11(QuantumToolkit.java:343)
at javafx.graphics/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at javafx.graphics/com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(LauncherImpl.java:464)
at javafx.graphics/com.sun.javafx.application.LauncherImpl.launchApplication(LauncherImpl.java:363)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at java.base/sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:1051)
Caused by: java.lang.RuntimeException: Exception in Application start method
at javafx.graphics/com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:900)
at javafx.graphics/com.sun.javafx.application.LauncherImpl.lambda$launchApplication$2(LauncherImpl.java:195)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NoClassDefFoundError: com/sun/javafx/scene/control/skin/BehaviorSkinBase
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:800)
at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:698)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:621)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:579)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
at org.controlsfx.control.CheckComboBox.createDefaultSkin(CheckComboBox.java:304)
at javafx.controls/javafx.scene.control.Control.doProcessCSS(Control.java:897)
at javafx.controls/javafx.scene.control.Control$1.doProcessCSS(Control.java:89)
at javafx.controls/com.sun.javafx.scene.control.ControlHelper.processCSSImpl(ControlHelper.java:67)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Parent.doProcessCSS(Parent.java:1400)
at javafx.graphics/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Parent.doProcessCSS(Parent.java:1400)
at javafx.graphics/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Parent.doProcessCSS(Parent.java:1400)
at javafx.graphics/javafx.scene.Parent$1.doProcessCSS(Parent.java:125)
at javafx.graphics/com.sun.javafx.scene.ParentHelper.processCSSImpl(ParentHelper.java:98)
at javafx.graphics/com.sun.javafx.scene.NodeHelper.processCSS(NodeHelper.java:146)
at javafx.graphics/javafx.scene.Node.processCSS(Node.java:9456)
at javafx.graphics/javafx.scene.Scene.doCSSPass(Scene.java:569)
at javafx.graphics/javafx.scene.Scene.preferredSize(Scene.java:1750)
at javafx.graphics/javafx.scene.Scene$2.preferredSize(Scene.java:393)
at javafx.graphics/com.sun.javafx.scene.SceneHelper.preferredSize(SceneHelper.java:66)
at javafx.graphics/javafx.stage.Window$12.invalidated(Window.java:1111)
at javafx.base/javafx.beans.property.BooleanPropertyBase.markInvalid(BooleanPropertyBase.java:110)
at javafx.base/javafx.beans.property.BooleanPropertyBase.set(BooleanPropertyBase.java:145)
at javafx.graphics/javafx.stage.Window.setShowing(Window.java:1187)
at javafx.graphics/javafx.stage.Window.show(Window.java:1202)
at javafx.graphics/javafx.stage.Stage.show(Stage.java:273)
at com.shiroexploit.gui.StartPane.start(StartPane.java:64)
at javafx.graphics/com.sun.javafx.application.LauncherImpl.lambda$launchApplication1$9(LauncherImpl.java:846)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runAndWait$12(PlatformImpl.java:474)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:447)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at javafx.graphics/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:446)
at javafx.graphics/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)
Caused by: java.lang.ClassNotFoundException: com.sun.javafx.scene.control.skin.BehaviorSkinBase
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
... 44 more
Exception running application com.shiroexploit.gui.StartPane
Shiro550VerifiertWithJRMP 模式下 fuzz出来的key是错误的,本来应该是另一个key,不知道为啥程序会给出一个错误的key
老铁你好,我这java环境下直接运行总是出现这个错误,这个需要什么配置码?
java -jar ShiroExploit-v2.0.jar
错误: 找不到或无法加载主类 com.MainApp
原因: java.lang.NoClassDefFoundError: javafx/application/Application
java -version
java version "15.0.1" 2020-10-20
Java(TM) SE Runtime Environment (build 15.0.1+9-18)
Java HotSpot(TM) 64-Bit Server VM (build 15.0.1+9-18, mixed mode, sharing)
网上查了下没啥结果,看着像是缺个javafx库之类的,但是我也没听说java运行环境需要这个呀。我把这个库放到java安装对应目录内,运行后还是错误。
Exception in thread "Thread-8" java.lang.NullPointerException
at com.shiroexploit.vulnverifier.Shiro550VerifiertUsingDNSLog.getValidGadget(Shiro550VerifiertUsingDNSLog.java:42)
at com.shiroexploit.gui.MainPane$6.run(MainPane.java:361)
at java.lang.Thread.run(Thread.java:748)
550 windows反弹shell不行。[抱大腿]
下载下来哪里有打开地方
使用工具反弹shell到服务器上,但是没有监听到是怎么回事呢???求大佬解答一下
会逐个尝试Gadget爆破得出不同的rememberMe,每个都有近百个到几百个blocks,停不下来。假如第一个Gadget爆破出了一个rememberMe,可否停下来,便于开始执行命令
[] After RoundTask: 850504030201
[] After RoundTask: 07850504030201
[] After RoundTask: 0807850504030201
[] After RoundTask: 090807850504030201
[] After RoundTask: 0a090807850504030201
[] After RoundTask: 0b0a090807850504030201
[] After RoundTask: 880b0a090807850504030201
[] After RoundTask: 0d880b0a090807850504030201
[] After RoundTask: 0e0d880b0a090807850504030201
[] After RoundTask: 0f0e0d880b0a090807850504030201
[] After RoundTask: 100f0e0d880b0a090807850504030201
[+] Get intermediary: 100f0e0d880b0a090807850504030201
[+] Get cipherText: 7e7b6760ed0c0a0309078f6261775074
[] Calulating block 44
[] After RoundTask: 01
[] After RoundTask: 0201
[] After RoundTask: 030201
[] After RoundTask: 04030201
[] After RoundTask: 0504030201
[] After RoundTask: 060504030201
[] After RoundTask: 07060504030201
[] After RoundTask: 6d07060504030201
Exception in thread "Thread-6" java.util.concurrent.RejectedExecutionException: Task com.shiroexploit.core.RoundTask$1@36fa4687 rejected from java.util.concurrent.ThreadPoolExecutor@4b2f7758[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 1]
at java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.reject(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.execute(Unknown Source)
at com.shiroexploit.core.RoundTask.start(RoundTask.java:42)
at com.shiroexploit.core.PaddingOracle.getIntermediary(PaddingOracle.java:22)
at com.shiroexploit.core.PaddingOracle.encrypt(PaddingOracle.java:82)
at com.shiroexploit.vulnverifier.Shiro721VerifiertUsingCeye.getValidGadget(Shiro721VerifiertUsingCeye.java:36)
at com.shiroexploit.gui.MainPane$6.run(MainPane.java:372)
at java.lang.Thread.run(Unknown Source)
[] After RoundTask: 31ddad78
org.apache.commons.codec.DecoderException: Odd number of characters.
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:99)
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:80)
at com.shiroexploit.util.Tools.generatePayload(Tools.java:69)
at com.shiroexploit.core.RoundTask$1.run(RoundTask.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
[] After RoundTask: 1531ddad78
org.apache.commons.codec.DecoderException: Odd number of characters.
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:99)
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:80)
at com.shiroexploit.util.Tools.generatePayload(Tools.java:69)
at com.shiroexploit.core.RoundTask$1.run(RoundTask.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
[] After RoundTask: 161531ddad78
[] After RoundTask: 4f161531ddad78
[] After RoundTask: 0c4f161531ddad78
[] After RoundTask: 090c4f161531ddad78
[] After RoundTask: 0b090c4f161531ddad78
[] After RoundTask: 030b090c4f161531ddad78
org.apache.commons.codec.DecoderException: Odd number of characters.
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:99)
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:80)
at com.shiroexploit.util.Tools.generatePayload(Tools.java:69)
at com.shiroexploit.core.RoundTask$1.run(RoundTask.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
[*] After RoundTask: 1c030b090c4f161531ddad78
org.apache.commons.codec.DecoderException: Odd number of characters.
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:99)
at org.apache.commons.codec.binary.Hex.decodeHex(Hex.java:80)
at com.shiroexploit.util.Tools.generatePayload(Tools.java:69)
at com.shiroexploit.core.RoundTask$1.run(RoundTask.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
各位大佬知道为什么我的可以检测到key值,但是执行命令之后没有任何回显。只显示哥done。
有大佬碰到过么?
2020-10-26 18:39:31,406 DEBUG [org.apache.shiro.mgt.AbstractRememberMeManager]: There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted principals. This could also be due to a recently changed encryption key. The remembered identity will be forgotten and not used for this request.
org.apache.shiro.io.SerializationException: Unable to deserialze argument byte array.
at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:82)
at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:516)
at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:433)
at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:398)
at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:513)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
at org.eclipse.jetty.server.Server.handle(Server.java:539)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.StreamCorruptedException: invalid type code: CA
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1601)
at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1950)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1950)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.access$800(ObjectInputStream.java:214)
at java.io.ObjectInputStream$GetFieldImpl.readFields(ObjectInputStream.java:2452)
at java.io.ObjectInputStream.readFields(ObjectInputStream.java:601)
at com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.readObject(TemplatesImpl.java:253)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2287)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2167)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
at java.util.HashMap.readObject(HashMap.java:1412)
at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2287)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2167)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2287)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2167)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:77)
... 36 more
建议检测和回显增加指定key遍历gadgets,目前的情况是指定了key就必须指定gadgets
方便提供一下联系方式么,我好提供一个测试用例,https还是有问题
有时候定义好的gadget利用失败,但实际上是有可利用的gadget的,例如某yi系统的gadget“CommonsCollectionsK1”,
老版本2.3可以成功,最新版本2,.4.2失败了
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.