0.4

0.4

.gitignore

@@ -1,7 +1,7 @@
-#idea
-.idea
-*.iml
-
-
-#maven编译
-target
+#idea
+.idea
+*.iml
+
+
+#maven编译
+target

README.md

@@ -16,77 +16,77 @@ e-cology WorkflowServiceXml-RCE (默认写入内存马 冰蝎 3.0 beta11)
 e-office logo_UploadFile.php-RCE (默认写入冰蝎4.0.3aes) 
 e-office10 OfficeServer.php-RCE (默认写入冰蝎4.0.3aes) 
 e-office doexecl.php-RCE (写入phpinfo,需要getshell请自行利用) 
-e-mobile_6.6 messageType.do-SQlli (sqlmap利用，暂无直接shell的exp) 
+e-mobile_6.6 messageType.do-SQlli (sqlmap利用，暂无直接shell的exp)
 
 蓝凌： 
 landray_datajson-RCE (可直接执行系统命令) 
 landray_treexmlTmpl-RCE (可直接执行系统命令) 
-landray_sysSearchMain-RCE (多个payload，写入哥斯拉 3.03 密码 yes) 
+landray_sysSearchMain-RCE (多个payload，写入哥斯拉 3.03 密码 yes)
 
 用友: 
 yongyou_chajet_RCE (用友畅捷通T+ rce 默认写入哥斯拉 Cshap/Cshap_aes_base64) 
 yongyou_NC_FileReceiveServlet-RCE 反序列化rce (默认写入冰蝎4.0.3aes) 
 yongyou_NC_bsh.servlet.BshServlet_RCE (可直接执行系统命令) 
 yongyou_NC_NCFindWeb 目录遍历漏洞 (可查看是否存在历史遗留webshell) 
 yongyou_GRP_UploadFileData-RCE(默认写入冰蝎4.0.3aes) 
-yongyou_KSOA_imageUpload-RCE (默认写入冰蝎4.0.3aes) 
+yongyou_KSOA_imageUpload-RCE (默认写入冰蝎4.0.3aes)
 
 万户： 
 wanhuoa_OfficeServer-RCE(默认写入冰蝎4.0.3aes) 
 wanhuoa_OfficeServer-RCE(默认写入哥斯拉4.0.1 jsp aes 默认密码密钥) 
 wanhuoa_DocumentEdit-SQlli(mssql数据库 可 os-shell) 
 wanhuoa_OfficeServerservlet-RCE(默认写入冰蝎4.0.3aes) 
-wanhuoa_fileUploadController-RCE(默认写入冰蝎4.0.3aes) 
+wanhuoa_fileUploadController-RCE(默认写入冰蝎4.0.3aes)
 
 致远： 
 seeyonoa_main_log4j2-RCE (仅支持检测，自行开启ladp服务利用) 
 seeyonoa_wpsAssistServlet-RCE(默认写入冰蝎4.0.3aes) 
 seeyonoa_htmlofficeservlet-RCE(默认写入冰蝎4.0.3aes) 
-seeyonoa_ajaxBypass-RCE(写入天蝎 密码sky) 
- 
+seeyonoa_ajaxBypass-RCE(写入天蝎 密码sky)
+
 通达: 
 tongdaoa_getdata-RCE (直接执行系统命令) 
-tongdaoa_apiali-RCE (默认写入冰蝎4.0.3aes) 
- 
+tongdaoa_apiali-RCE (默认写入冰蝎4.0.3aes)
+
 中间件: 
-IIS_PUT_RCE (emm暂时没办法getshell 仅支持检测 java没有MOVE方法) 
+IIS_PUT_RCE (emm暂时没办法getshell 仅支持检测 java没有MOVE方法)
 
 安全设备: 
 综合安防_applyCT_fastjson-RCE(仅支持检测,自行使用ladp服务利用) 
 网康下一代防火墙_ngfw_waf_route-RCE(写入菜刀shell 密码:nishizhu) 
-网御星云账号密码泄露 
- 
+网御星云账号密码泄露
+
 使用截图： 
 ![QQ截图20221014202028](https://user-images.githubusercontent.com/100954709/195846430-84bfff61-2c7b-4027-abcc-76d5910b76e4.png) 
 ![QQ截图20221014202151](https://user-images.githubusercontent.com/100954709/195846449-cbf2d0c2-e0f6-4567-b0d4-d9ead527d459.png) 
-![3](https://user-images.githubusercontent.com/100954709/193958439-cdaf1a64-55f4-4afb-9a44-cfec5e237208.png) 
+![3](https://user-images.githubusercontent.com/100954709/193958439-cdaf1a64-55f4-4afb-9a44-cfec5e237208.png)
 
 ---
-## 工具模块: 
+## 工具模块:
 
 文件上传指令生成 
- ![upload](https://user-images.githubusercontent.com/100954709/195846198-3133fd70-3849-4dfe-862c-c42dd865b214.png) 
+![upload](https://user-images.githubusercontent.com/100954709/195846198-3133fd70-3849-4dfe-862c-c42dd865b214.png)
 
 
 Tasklist敏感进程检测 
-![tasklist](https://user-images.githubusercontent.com/100954709/195846255-b06e35e9-718b-4b69-a203-cadb88338858.png) 
- 
+![tasklist](https://user-images.githubusercontent.com/100954709/195846255-b06e35e9-718b-4b69-a203-cadb88338858.png)
+
 反弹shell命令生成 
 ![shell](https://user-images.githubusercontent.com/100954709/195846331-474bdd57-ef97-45a5-b872-5b39de592c70.png)
 
 
 ---
-## 配置相关 
+## 配置相关
 
 部分漏洞使用dnslog检测 请自行修改 Apt_config/dnslog下内容 
-本工具使用CEYE.IO 只需修改为自己的地址及tokent即可 
+本工具使用CEYE.IO 只需修改为自己的地址及tokent即可
 
 ---
 ## 问题反馈
 可直接提Issu 
-或加我wx进群交流，微信请备注apt 
- 
-![my](https://user-images.githubusercontent.com/100954709/193801691-df73fec6-284a-450a-943a-09fe023bcde0.png) 
+或加我wx进群交流，微信请备注apt
+
+![my](https://user-images.githubusercontent.com/100954709/193801691-df73fec6-284a-450a-943a-09fe023bcde0.png)
 
 ---
 ## 免责声明

pom.xml

@@ -1,90 +1,90 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http:https://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http:https://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http:https://maven.apache.org/POM/4.0.0 http:https://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <groupId>cn.luckyh</groupId>
- <artifactId>apt_tools</artifactId>
- <version>1.0-SNAPSHOT</version>
- <packaging>jar</packaging>
-
- <properties>
- <maven.compiler.source>8</maven.compiler.source>
- <maven.compiler.target>8</maven.compiler.target>
- <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
- <dependencies>
- <dependency>
- <groupId>cn.hutool</groupId>
- <artifactId>hutool-all</artifactId>
- <version>5.8.8</version>
- </dependency>
-<!-- https://mvnrepository.com/artifact/com.jfoenix/jfoenix-->
- <dependency>
- <groupId>com.jfoenix</groupId>
- <artifactId>jfoenix</artifactId>
- <version>9.0.10</version>
- </dependency>
-<!-- <dependency>-->
-<!-- <groupId>org.yaml</groupId>-->
-<!-- <artifactId>snakeyaml</artifactId>-->
-<!-- <version>1.33</version>-->
-<!-- </dependency>-->
-<!-- <dependency>-->
-<!-- <groupId>com.alibaba</groupId>-->
-<!-- <artifactId>fastjson</artifactId>-->
-<!-- <version>2.0.14</version>-->
-<!-- </dependency>-->
- <dependency>
- <groupId>com.jfoenix</groupId>
- <artifactId>jfoenix</artifactId>
- <version>8.0.10</version>
- </dependency>
- <dependency>
- <groupId>org.junit.jupiter</groupId>
- <artifactId>junit-jupiter-api</artifactId>
- <version>5.9.0</version>
- </dependency>
-
-
- </dependencies>
-
-
- <build>
- <finalName>${project.artifactId}</finalName><!--修改编译出来的jar包名，仅为{artifactId}.jar-->
- <plugins>
-
- <!-- 打包依赖包到jar中 -->
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <version>3.3.0</version>
- <configuration>
- <archive>
- <manifest>
- <mainClass>Main</mainClass>
- </manifest>
- </archive>
- <!-- get all project dependencies -->
- <descriptorRefs>
- <descriptorRef>jar-with-dependencies</descriptorRef>
- </descriptorRefs>
- <!-- MainClass in mainfest make a executable jar -->
- <!-- 运行文件名 -->
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id>
- <phase>package</phase>
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
- </plugins>
- </build>
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http:https://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http:https://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http:https://maven.apache.org/POM/4.0.0 http:https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>cn.luckyh</groupId>
+ <artifactId>apt_tools</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>jar</packaging>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>cn.hutool</groupId>
+ <artifactId>hutool-all</artifactId>
+ <version>5.8.8</version>
+ </dependency>
+<!-- https://mvnrepository.com/artifact/com.jfoenix/jfoenix-->
+<!-- <dependency>-->
+<!-- <groupId>com.jfoenix</groupId>-->
+<!-- <artifactId>jfoenix</artifactId>-->
+<!-- <version>9.0.10</version>-->
+<!-- </dependency>-->
+<!-- <dependency>-->
+<!-- <groupId>org.yaml</groupId>-->
+<!-- <artifactId>snakeyaml</artifactId>-->
+<!-- <version>1.33</version>-->
+<!-- </dependency>-->
+<!-- <dependency>-->
+<!-- <groupId>com.alibaba</groupId>-->
+<!-- <artifactId>fastjson</artifactId>-->
+<!-- <version>2.0.14</version>-->
+<!-- </dependency>-->
+ <dependency>
+ <groupId>com.jfoenix</groupId>
+ <artifactId>jfoenix</artifactId>
+ <version>8.0.10</version>
+ </dependency>
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-api</artifactId>
+ <version>5.9.0</version>
+ </dependency>
+
+
+ </dependencies>
+
+
+ <build>
+ <finalName>${project.artifactId}</finalName><!--修改编译出来的jar包名，仅为{artifactId}.jar-->
+ <plugins>
+
+ <!-- 打包依赖包到jar中 -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>3.3.0</version>
+ <configuration>
+ <archive>
+ <manifest>
+ <mainClass>Main</mainClass>
+ </manifest>
+ </archive>
+ <!-- get all project dependencies -->
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ <!-- MainClass in mainfest make a executable jar -->
+ <!-- 运行文件名 -->
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
 </project>

src/main/java/Main.java

@@ -1,24 +1,24 @@
-import cn.hutool.core.io.resource.ResourceUtil;
-import java.util.Objects;
-import javafx.application.Application;
-import javafx.fxml.FXMLLoader;
-import javafx.scene.Parent;
-import javafx.scene.Scene;
-import javafx.stage.Stage;
-
-public class Main extends Application {
-
- @Override
- public void start(Stage primaryStage) throws Exception{
- Parent root = FXMLLoader.load(ResourceUtil.getResource("fxml/Main.fxml"));
- primaryStage.setTitle("APT");
- Scene scene = new Scene(root,1280,910);
- scene.getStylesheets().add(Objects.requireNonNull(Main.class.getResource("/css/main.css")).toExternalForm());
- primaryStage.setScene(scene);
- primaryStage.show();
- }
-
- public static void main(String[] args) {
- launch(args);
- }
-}
+import cn.hutool.core.io.resource.ResourceUtil;
+import java.util.Objects;
+import javafx.application.Application;
+import javafx.fxml.FXMLLoader;
+import javafx.scene.Parent;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+public class Main extends Application {
+
+ @Override
+ public void start(Stage primaryStage) throws Exception{
+ Parent root = FXMLLoader.load(ResourceUtil.getResource("fxml/Main.fxml"));
+ primaryStage.setTitle("APT");
+ Scene scene = new Scene(root,1280,910);
+ scene.getStylesheets().add(Objects.requireNonNull(Main.class.getResource("/css/main.css")).toExternalForm());
+ primaryStage.setScene(scene);
+ primaryStage.show();
+ }
+
+ public static void main(String[] args) {
+ launch(args);
+ }
+}

src/main/java/SimpleTest.java

@@ -1,24 +1,24 @@
-import cn.hutool.core.util.RandomUtil;
-
-import java.io.UnsupportedEncodingException;
-import java.util.concurrent.ExecutionException;
-import sun.misc.BASE64Encoder;
-import utils.shell;
-
-public class SimpleTest {
-
- private static Object pop;
-
- public static void main(String[] args) throws InterruptedException, ExecutionException {
- try {
- BASE64Encoder encoder = new BASE64Encoder();
- String text = "file_put_contents('../../fb6790f4.php','" + shell.readFile(shell.Phppath) +"');";
- byte[] textByte = text.getBytes("UTF-8");
- String encodedText = encoder.encode(textByte).replace("\r\n","");
- System.out.println(encodedText);
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- }
-
- }
+import cn.hutool.core.util.RandomUtil;
+
+import java.io.UnsupportedEncodingException;
+import java.util.concurrent.ExecutionException;
+import sun.misc.BASE64Encoder;
+import utils.shell;
+
+public class SimpleTest {
+
+ private static Object pop;
+
+ public static void main(String[] args) throws InterruptedException, ExecutionException {
+ try {
+ BASE64Encoder encoder = new BASE64Encoder();
+ String text = "file_put_contents('../../fb6790f4.php','" + shell.readFile(shell.Phppath) +"');";
+ byte[] textByte = text.getBytes("UTF-8");
+ String encodedText = encoder.encode(textByte).replace("\r\n","");
+ System.out.println(encodedText);
+ } catch (UnsupportedEncodingException e) {
+ e.printStackTrace();
+ }
+
+ }
 }