Giter VIP home page Giter VIP logo

wsmemshell's People

Contributors

hosch3n avatar veo avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

mk4t1xp j5s conanjun ffadd atlassion timeshu whoamiecho sv3nbeast chennqqi qianniaoge aqimmm 853866252 heyzm geekmc test1213145 sec-fork lay0us akunwin yzddmr6 steward007 cnmars laowang1026 zyylhn functfan ridter 0xfa-team y11en opensesamedoors zzhsec tuo4n8 fengjixuchui redamancy404 nkingpp lucifaer 0xa-cc bingpo whami-root selfevo mr-lit zhanggx96 libaizaishuijiao jasonlou guhu22 trganda c33dd hosch3n nuc-orz-lab one9t-xc ravensss vicl1fe asphalt415 sesyi h9dawn arryboom willshion dc3l1ne ttimochan syslaowang b1ngda0 istoliving listenquiet ir-st achuna33 y4tacker shuimuliu n0-traces whizsail crackercat meowwbox 7ten7 ccqtv123 l34rner yeshuibo m0ge h1d3r startagain2016 coolplay-1 savior-only f-feng lengxu sanchahua amjiyu wang0098 jinnywc cream-sec shinpachi8 askyeye st-lucifer ice-001 byaaronluo ddostest123 slowmistio wisdark endliang dk47os3r m0unta1ner times125 mstheholy liehu dawn0207

wsmemshell's Issues

tomcat9.0.64未成功

访问路径127.0.0.1:8080/examples/wscmd.jsp?path=/x 后未成功注入websocks服务,无法连接127.0.0.1:8080/examples/x。

websocket client

师傅打扰一下,请问师傅的websocket client是怎么下载的 我在app store上下载不了,换了美区账号也是一样

Tomcat10版本中,jsp木马中的javax API需要转换

javax API需要转换到jakarta API

<%@ page import="jakarta.websocket.server.ServerEndpointConfig" %>
<%@ page import="jakarta.websocket.server.ServerContainer" %>
<%@ page import="jakarta.websocket." %>
<%@ page import="java.io." %>

Deserialization memory problem

Hello, the fifth point you mentioned is that the inverse sequence can be directly implemented in memory, but this proxy class will compile multiple class files, including internal classes. If you define directly, there is a problem with the processing logic. Do you have a landing implementation scheme

weblogic12.1.3 报错

TyrusServerContainer container = (TyrusServerContainer) servletContext.getAttribute(ServerContainer.class.getName());方法在JDK1.8 weblogic12.1.3环境下,wsAddAllContainer.jsp和wscmd.jsp脚本一直返回是空是什么原因?weblogic版本不对吗?

# 环境异常

ws Client 连接时出现如下异常,通过Evaluate 查看时,container 中已经存在了相应的path。

请问有遇到过相关得异常情况吗?

图片

报错问题 Tomcat8 

HTTP状态 500 - 内部服务器错误
类型 异常报告

消息 无法为JSP编译类:

描述 服务器遇到一个意外的情况,阻止它完成请求。

例外情况

org.apache.jasper.JasperException: 无法为JSP编译类: 

JSP文件:[/wscmd.jsp] 的第 [29] 行发生了一个错误
Cannot refer to the non-final local variable session defined in an enclosing scope
26:                             out = e.toString();
27:                         }
28:                         try {
29:                             session.getBasicRemote().sendText(out);
30:                         } catch (IOException e) {
31:                             e.printStackTrace();
32:                         }


Stacktrace:
	org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
	org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:213)
	org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:580)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:380)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:350)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
	org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:597)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:398)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:383)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:331)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
):注意 主要问题的全部 stack 信息可以在 server logs 里查看

请问一下这个报错正常吗?

你好!我想问下执行命令情况下中文乱码有没办法解决和一些其他问题

我拿测试环境试了一下发现,中文的内容返回都是乱码。还有websocket client有没有windows版本的,用bp发包和插件都不太方便。bp构造ws请求时path部分不知道怎么构造,只能抓插件的包拿来用。也挺头疼的!关于java的文件的利用,由于我对内存马不是特别了解,通常搭配的应该类似jndi注入这种来用。但是注入成功后如何调用就不太清楚,没有测试过。

500错误

jdk1.8.0_221 tomcat8.5.57师傅看看咋回事
image

有没有可能使冰蝎哥斯拉连接ws型shell?

好像反序列化时示例代码里删掉TEST方法才能成功运行?
我对websocket不熟,师傅有没有想过ws能不能实现功能比较多的shell管理,或者说冰蝎哥斯拉蚁剑这些工具的内存马能不能在ws下成功生效?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.