Comments (6)
This stack trace is normal; the payload has already been triggered. RdnEntry uses compareTo -> equals.
from ysomap.
Interesting - my payload didn't fire though. Any suggestions on how to get it to fire based on that stack trace?
from ysomap.
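- How did you generate the current payload? Was it generated with the Hessian2 type?
- How are you exploiting it? Have you considered the case where the target environment has no outbound network access?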
from ysomap.
Thank you for your response.
- It is generated using various payloads, all with the same stack trace:
ysomap payload(SpringPartiallyComparableAdvisorHolder) bullet(SpringJndiBullet1) > show options
[+] [2023-05-23 08:15:08] print current session settings!
[2023-05-23 08:15:08] Current Payload: SpringPartiallyComparableAdvisorHolder
[2023-05-23 08:15:08] Current SerializeType: hessian
[2023-05-23 08:15:08] Current Serializer Encoder: null
[2023-05-23 08:15:08] Current Serializer Output Type: file
[2023-05-23 08:15:08] Current Serializer serialVersionUID: null
[2023-05-23 08:15:08] Current Bullet: SpringJndiBullet1
If I use hessian2 as the serializerType, I get the following error:
javax.servlet.ServletException: com.caucho.hessian.io.HessianProtocolException: expected hessian method ('m') at 0x43 (C)
com.caucho.hessian.server.HessianServlet.service(HessianServlet.java:404)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
Root Cause
com.caucho.hessian.io.HessianProtocolException: expected hessian method ('m') at 0x43 (C)
com.caucho.hessian.io.Hessian2Input.error(Hessian2Input.java:2705)
com.caucho.hessian.io.Hessian2Input.readMethod(Hessian2Input.java:265)
com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java:136)
com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java:109)
com.caucho.hessian.server.HessianServlet.service(HessianServlet.java:396)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
- The target definitely has internet connectivity.
from ysomap.
Looking at the stack trace error, it should be the hessian2 type. Try the following steps again:
- git clone ysomap
- Modify pom.xml under the core directory
from ysomap.
It needs to be packaged in a JDK 8 environment.
from ysomap.