Giter Site home page Giter Site logo

rasp-bypass-benchmark's Introduction

RASP-Bypass Benchmark

bypass1 - jni

System.load

Attack RASP based JAVA.

image-20221108111231741

image-20221108111655699

ClassLoader.loadLibrary0

image-20221108111354903

image-20221108111633372

tomcat-jni

开启时需要指定

-Djava.library.path=./jni/

image-20221108134130084

bypass2 - 混淆的类名

gozila

混淆类名

image-20221109110717445

image-20221109110846562

behinder

image-20221109110904346

bypass3 - new thread

注入新线程 让rasp失去上下文信息从而绕过rasp检查。

image-20221109161735565

image-20221109114022828

bypass4 - Bootstrap Classloader

BootStrap Classloader 负责加载JVM(Java核心类库),且程序尝试获取BootStrap Classloader 会返回NULL

image.png

可以使用Bootstrap Classloader 规避 内存马的检测(部分RASP存在内存马检测功能)。

image-20221109115350103

反射java.lang.instrument.Instrumentation#appendToBootstrapClassLoaderSearch

来将Jar 加入到 BootStrap ClassPath 下。

可以构造一个恶意的Jar包,或者利用文件上传,任意文件写入漏洞覆盖 charsets.jar

获取 Instrumentation 对象的方法如下:

  • Attach:可以加载自己的 agent,在 premain 或 agentmain 方法中可以拿到
  • 通过伪造 JPLISAgent 结构和反射调用 InstrumentationImpl 的 appendToBootstrapClassLoaderSearch 方法

bypass5 - unsafe

image-20221109135412892

使用Unsafe 无需构造器实例化对象,然后执行 Native 方法绕过 RASP检测。

基于 Instrument 的JavaAgent 只能hook JVM的Class 而无法 操作Native 方法。

执行 UnixProcess 的 forkAndExec 方法绕过(仅限 Unix 系统,Win下没有这个类,Win下可以使用ProcessImpl,但是没必要使用Unsafe)

bypass6 - 绕过黑名单

命令执行时可能会检测恶意的命令,比如 /bin/bash。

将 /bin/bash 复制到 /tmp/foobar

image-20221109174104822

image-20221109174049582

bypass7 - WeakReference GC

利用弱引用GC(GC 也是在新线程中完成的,应该也会失去部分上下文信息。)

bypass8 - Win ShellCode

利用sun.tools.attach.WindowsVirtualMachine 远程线程注入执行ShellCode

image-20221110162543996

rasp-bypass-benchmark's People

Contributors

p0wfuu avatar

Stargazers

Anoqu0n avatar avatar 哈里路大韭菜盒子 avatar CaiCaiGou avatar P1an0 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.