search

SummerSec / ShiroAttack2

shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
MIT License
2.07k stars 268 forks source link

ShiroAttack2 4.5.2 版本检测失败,原版ShiroAttack 2.2成功执行 #14

Closed Asura88 closed 2 years ago

Asura88 commented 2 years ago

ShiroAttack2 4.5.2 版本检测失败,原版ShiroAttack 2.2成功执行

ShiroAttack2 4.5.2 版本

image

爆破过程速度慢,显示key是

[++] 存在shiro框架! [++] 找到key:kPH+bIxk5D2deZiIxcaaaA== [+] 爆破结束

ShiroAttack 2.2

image

爆破速度同样慢,但是准确,已经成功执行命令

image
Asura88 commented 2 years ago

人呢?

SummerSec commented 2 years ago

见https://github.com/SummerSec/ShiroAttack2/issues/16