Comments (8)
wh1t3p1g
commented on July 19, 2024
生成ser的过程也没有填key(⊙o⊙)?
额,cb1好像不用key。你说的是shiro的么?
from ysomap.
maybe-why-not
commented on July 19, 2024
对,就这个
from ysomap.
wh1t3p1g
commented on July 19, 2024
可以看一下https://github.com/wh1t3p1g/ysomap/blob/master/core/src/main/java/ysomap/core/exploit/framework/shiro/ShiroRCE1.java
先使用这个exploit,然后选择cb1为payload
from ysomap.
maybe-why-not
commented on July 19, 2024
设置完exploit、payload后,exploit部分还是提示need to set a payload
from ysomap.
wh1t3p1g
commented on July 19, 2024
这个need to set a payload不用管
顺序是设置exploit->payload->bullet
use exploit ShiroRCE1
// set options
use payload cb1
use bullet Templ...
// set options
run
from ysomap.
maybe-why-not
commented on July 19, 2024
xray验证出key,ysomap不能
from ysomap.
wh1t3p1g
commented on July 19, 2024
我这边暂时没有环境,之前测试是可以的
你可以把下面的verify去掉
然后打印一下加密后的数据,调试看看问题在哪里
from ysomap.
wh1t3p1g
commented on July 19, 2024
您好,
最新版修复了ShiroRce1,如果环境还在,可以确认一下。
当前exp已通过vulhub的shiro环境的测试。
from ysomap.
Related Issues (16)
- 请问一下:如果我想用shiro+JRMP+cb链或者cc链+注入一个内存马 HOT 3
- 生成序列化文件失败 HOT 1
- 可以在 Release 里面提供一个编译好的 jar 包吗😂 HOT 1
- ReflectionHelper.newInstance应用面较小 HOT 1
- show options exception HOT 1
- infinite loop when run explot HOT 1
- 请问一下,如何对fastjson注入一个内存马
- 请问一下如何HashMap通过反射修改put方法,put进去的key HOT 3
- 报错 HOT 3
- Hessian XString deserialisation stack trace HOT 6
- DELETED
- ShiroRCE1 exploit AES过程错误 HOT 1
- CommonsCollections3 生成POC时 出现 Bullet Type Not Match 错误 HOT 2
- 使用payload生成时提示com.thoughtworks.xstream.converters.ConversionException: Security alert. Marshalling rejected. HOT 2
- 新功能建议 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ysomap.