veo / wsmemshell Goto Github PK
View Code? Open in Web Editor NEWWebSocket 内存马/Webshell,一种新型内存马/WebShell技术
Home Page: https://veo.pub/2022/memshell/
WebSocket 内存马/Webshell,一种新型内存马/WebShell技术
Home Page: https://veo.pub/2022/memshell/
resin环境下好像不行,如果大佬有时间还望适配一下。
访问路径127.0.0.1:8080/examples/wscmd.jsp?path=/x 后未成功注入websocks服务,无法连接127.0.0.1:8080/examples/x。
师傅打扰一下,请问师傅的websocket client是怎么下载的 我在app store上下载不了,换了美区账号也是一样
javax API需要转换到jakarta API
<%@ page import="jakarta.websocket.server.ServerEndpointConfig" %>
<%@ page import="jakarta.websocket.server.ServerContainer" %>
<%@ page import="jakarta.websocket." %>
<%@ page import="java.io." %>
错了错了个人问题
Hello, the fifth point you mentioned is that the inverse sequence can be directly implemented in memory, but this proxy class will compile multiple class files, including internal classes. If you define directly, there is a problem with the processing logic. Do you have a landing implementation scheme
TyrusServerContainer container = (TyrusServerContainer) servletContext.getAttribute(ServerContainer.class.getName());方法在JDK1.8 weblogic12.1.3环境下,wsAddAllContainer.jsp和wscmd.jsp脚本一直返回是空是什么原因?weblogic版本不对吗?
测试环境:
5.15.49-1-MANJARO
Apache Tomcat/9.0.62
需要重启Tomcat才会恢复
http://test.com/1.jsp?path=/proxy
javax.websocket.DeploymentException: ??????????????WebSocket????????[{1}]????[]?Web????
环境
tomcat-7.0.72
java version "1.7.0_79"
HTTP状态 500 - 内部服务器错误
类型 异常报告
消息 无法为JSP编译类:
描述 服务器遇到一个意外的情况,阻止它完成请求。
例外情况
org.apache.jasper.JasperException: 无法为JSP编译类:
JSP文件:[/wscmd.jsp] 的第 [29] 行发生了一个错误
Cannot refer to the non-final local variable session defined in an enclosing scope
26: out = e.toString();
27: }
28: try {
29: session.getBasicRemote().sendText(out);
30: } catch (IOException e) {
31: e.printStackTrace();
32: }
Stacktrace:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:213)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:580)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:380)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:350)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:597)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:398)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:383)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:331)
javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
):注意 主要问题的全部 stack 信息可以在 server logs 里查看
请问一下这个报错正常吗?
我拿测试环境试了一下发现,中文的内容返回都是乱码。还有websocket client有没有windows版本的,用bp发包和插件都不太方便。bp构造ws请求时path部分不知道怎么构造,只能抓插件的包拿来用。也挺头疼的!关于java的文件的利用,由于我对内存马不是特别了解,通常搭配的应该类似jndi注入这种来用。但是注入成功后如何调用就不太清楚,没有测试过。
好像反序列化时示例代码里删掉TEST方法才能成功运行?
我对websocket不熟,师傅有没有想过ws能不能实现功能比较多的shell管理,或者说冰蝎哥斯拉蚁剑这些工具的内存马能不能在ws下成功生效?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.