nacos 2.03 报错

[klmyssn]

*****未检测到内存马，自动注入开始***** SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/C:/Penetration/ExpolitTools/Nacos/NacosRce_jar/slf4j-simple-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/C:/Penetration/ExpolitTools/Nacos/NacosRce_jar/logback-classic-1.2.11.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory] [main] INFO com.alipay.sofa.jraft.util.JRaftServiceLoader - SPI service [com.alipay.sofa.jraft.rpc.RaftRpcFactory - com.alipay.sofa.jraft.rpc.impl.GrpcRaftRpcFactory] loading. java.lang.IllegalStateException: failed to create a child event loop at io.grpc.netty.shaded.io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:88) at io.grpc.netty.shaded.io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:60) at io.grpc.netty.shaded.io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:49) at io.grpc.netty.shaded.io.netty.channel.MultithreadEventLoopGroup.<init>(MultithreadEventLoopGroup.java:59) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:87) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:82) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup.<init>(NioEventLoopGroup.java:69) at io.grpc.netty.shaded.io.grpc.netty.Utils$DefaultEventLoopGroupResource.create(Utils.java:444) at io.grpc.netty.shaded.io.grpc.netty.Utils$DefaultEventLoopGroupResource.create(Utils.java:417) at io.grpc.internal.SharedResourceHolder.getInternal(SharedResourceHolder.java:104) at io.grpc.internal.SharedResourceHolder.get(SharedResourceHolder.java:74) at io.grpc.internal.SharedResourcePool.getObject(SharedResourcePool.java:35) at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder$NettyTransportFactory.<init>(NettyChannelBuilder.java:695) at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder.buildTransportFactory(NettyChannelBuilder.java:539) at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder$NettyChannelTransportFactoryBuilder.buildClientTransportFactory(NettyChannelBuilder.java:182) at io.grpc.internal.ManagedChannelImplBuilder.build(ManagedChannelImplBuilder.java:627) at io.grpc.internal.AbstractManagedChannelImplBuilder.build(AbstractManagedChannelImplBuilder.java:297) at com.alipay.sofa.jraft.rpc.impl.GrpcClient.newChannel(GrpcClient.java:210) at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(Unknown Source) at com.alipay.sofa.jraft.rpc.impl.GrpcClient.getChannel(GrpcClient.java:199) at com.alipay.sofa.jraft.rpc.impl.GrpcClient.getCheckedChannel(GrpcClient.java:188) at com.alipay.sofa.jraft.rpc.impl.GrpcClient.invokeAsync(GrpcClient.java:145) at com.alipay.sofa.jraft.rpc.impl.GrpcClient.invokeSync(GrpcClient.java:118) at com.alipay.sofa.jraft.rpc.RpcClient.invokeSync(RpcClient.java:71) at com.alipay.sofa.jraft.rpc.impl.AbstractClientService.connect(AbstractClientService.java:149) at com.alipay.sofa.jraft.RouteTable.refreshLeader(RouteTable.java:244) at com.nacostools.rce.NacosRce.sendPayload(NacosRce.java:132) at com.nacostools.rce.NacosRce.main(NacosRce.java:76) Caused by: io.grpc.netty.shaded.io.netty.channel.ChannelException: failed to open a new selector at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.openSelector(NioEventLoop.java:178) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.<init>(NioEventLoop.java:145) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup.newChild(NioEventLoopGroup.java:183) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup.newChild(NioEventLoopGroup.java:38) at io.grpc.netty.shaded.io.netty.util.concurrent.MultithreadEventExecutorGroup.<init>(MultithreadEventExecutorGroup.java:84) ... 27 more Caused by: java.io.IOException: Unable to establish loopback connection at sun.nio.ch.PipeImpl$Initializer.run(Unknown Source) at sun.nio.ch.PipeImpl$Initializer.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.nio.ch.PipeImpl.<init>(Unknown Source) at sun.nio.ch.SelectorProviderImpl.openPipe(Unknown Source) at java.nio.channels.Pipe.open(Unknown Source) at sun.nio.ch.WindowsSelectorImpl.<init>(Unknown Source) at sun.nio.ch.WindowsSelectorProvider.openSelector(Unknown Source) at io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop.openSelector(NioEventLoop.java:176) ... 31 more Caused by: java.net.ConnectException: Connection refused: connect at sun.nio.ch.Net.connect0(Native Method) at sun.nio.ch.Net.connect(Unknown Source) at sun.nio.ch.Net.connect(Unknown Source) at sun.nio.ch.SocketChannelImpl.connect(Unknown Source) at java.nio.channels.SocketChannel.open(Unknown Source) at sun.nio.ch.PipeImpl$Initializer$LoopbackConnector.run(Unknown Source) ... 40 more *****自动注入结束，注入失败*****

[aotumanbiu]

遇到同样问题，麻烦问下大佬是什么原因

[klmyssn]

遇到同样问题，麻烦问下大佬是什么原因

emmmm当时也是没解决，没管了后面

[aotumanbiu]

遇到同样问题，麻烦问下大佬是什么原因

emmmm当时也是没解决，没管了后面

那大佬对于这个漏洞的检测，您最后是怎么进行验证的呢

[klmyssn]

遇到同样问题，麻烦问下大佬是什么原因

emmmm当时也是没解决，没管了后面

那大佬对于这个漏洞的检测，您最后是怎么进行验证的呢

这个我们当时就没考虑直接打内存马了，就直接绕过登陆然后获取敏感信息去日了。详情可以参考下我们整理的漏洞文章 https://mp.weixin.qq.com/s/ROJ4DCn1YPKGXcZlqyo4sw

[aotumanbiu]

遇到同样问题，麻烦问下大佬是什么原因

emmmm当时也是没解决，没管了后面

那大佬对于这个漏洞的检测，您最后是怎么进行验证的呢

这个我们当时就没考虑直接打内存马了，就直接绕过登陆然后获取敏感信息去日了。详情可以参考下我们整理的漏洞文章 https://mp.weixin.qq.com/s/ROJ4DCn1YPKGXcZlqyo4sw

我好像没有看到关于Nacos反序列化漏洞的验证

[klmyssn]

遇到同样问题，麻烦问下大佬是什么原因

emmmm当时也是没解决，没管了后面

那大佬对于这个漏洞的检测，您最后是怎么进行验证的呢

这个我们当时就没考虑直接打内存马了，就直接绕过登陆然后获取敏感信息去日了。详情可以参考下我们整理的漏洞文章 https://mp.weixin.qq.com/s/ROJ4DCn1YPKGXcZlqyo4sw

我好像没有看到关于Nacos反序列化漏洞的验证

诶哟我去，好像还真是，，我们后面没研究了诶，要不你再网上搜索